CVE-2026-6891
Possible ATT&CK Techniques 1AI
T1564.004 · NTFS File AttributesAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canon Inc. | My Image Garden for macOS | 3.6.8 or earlier | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6891
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Canon My Image Garden 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Canon My Image Garden是日本佳能(Canon)公司的一款照片管理与打印软件。 Canon My Image Garden 3.6.8及之前版本存在安全漏洞,该漏洞源于安装程序中对符号链接处理不当,可能导致具有登录权限的本地攻击者利用特制符号链接修改文件权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Canon Inc. | My Image Garden for macOS | 3.6.8 or earlier | - |
II. Public POCs for CVE-2026-6891
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
default-local-qwen3.6 · 16630 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-6891
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-6891 (2)
- 🔗 「My Image Garden for macOS」のインストーラに関する脆弱性対応について|サポート|キヤノンvendor-advisory
IV. Related Vulnerabilities
Same weakness: CWE-59
- CVE-2026-50656
Microsoft Defender Elevation of Privilege Vulnerability - CVE-2026-54230
Abrt: event handler scripts follow symlinks when writing out - CVE-2026-54056
Kitty has an arbitrary file overwrite via symlink following - CVE-2026-54055
Kitty has an Arbitrary File Write via Symlink Race Condition - CVE-2026-45384
bit7z: Arbitrary File Overwrite via Symlink Attack on Predic
V. Comments for CVE-2026-6891
No comments yet