CVE-2026-54231— Abrt: unsanitized systemd journal content written to dump directory files enables content injection
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1055 · Process Injection T1068 · Exploitation for Privilege EscalationAffected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 | any | unknown |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-54231
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Abrt: unsanitized systemd journal content written to dump directory files enables content injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Redhat libreport 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Redhat libreport是美国Redhat公司开源的一个问题报告通用库。 Redhat libreport存在输入验证错误漏洞,该漏洞源于事件脚本查询 systemd 日志获取与崩溃进程匹配日志条目并写入 dump 目录文件时,未过滤嵌入控制字符,导致本地用户能通过在 syslog 消息嵌入换行符向日志输出注入任意内容,进而控制 root 写入 dump 目录文件的内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
II. Public POCs for CVE-2026-54231
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-54231
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-54231 (2)
Same Patch Batch · Red Hat · 2026-06-13 · 4 CVEs total
| CVE-2026-54228 | 7.8 HIGH | Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump d |
| CVE-2026-54230 | 7.0 HIGH | Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary |
| CVE-2026-54229 | 7.0 HIGH | Abrt: chownproblemdir succeeds during active post-create event processing due to inadequat |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 6
- CVE-2026-54230
Abrt: event handler scripts follow symlinks when writing out - CVE-2026-54229
Abrt: chownproblemdir succeeds during active post-create eve - CVE-2026-54228
Abrt: toctou race condition in abrt-dbus setelement allows a - CVE-2025-66286
Webkitgtk: authorization bypass through webpage::send-reques - CVE-2026-6384
Gimp: gimp: arbitrary code execution or denial of service vi
Same vendor: Red Hat
- CVE-2026-11791
389-ds-base: 389-ds-base: use-after-free in schema reload vi - CVE-2026-12505
Cifs-utils: local privilege escalation via forged cifs.spneg - CVE-2026-12515
Katello: missing repository authorization in content_uploads - CVE-2026-12528
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__n - CVE-2026-12491
Vllm: vllm: image exif rotation & png trns transparency not
Same weakness: CWE-74
- CVE-2026-50107
NGINX Gateway Fabric vulnerability - CVE-2026-20220
Cisco Crosswork Network Controller Remote Code Execution Vul - CVE-2026-47162
Vim: Vimscript Code Injection in netrw NetrwBookHistSave() v - CVE-2026-11859
HTML injection in the Canarytoken links email - CVE-2026-46546
Frappe LMS: HTML injection in user-controlled metadata
V. Comments for CVE-2026-54231
No comments yet