CVE-2026-6892

5.0 MEDIUM

Published: May 29, 2026 Modified: May 29, 2026

Description

Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. *:Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan) Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://canon.jp/support/support-info/260528-1vulnerability-response

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

https://psirt.canon/advisory-information/cp2026-004/

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

https://www.canon-europe.com/support/product-security/

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.0 / 10.0

EPSS (Exploit Probability)

0.1%

2th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-59

Related CVEs

CVE-2026-48777 N/A

CVE-2026-47750 7.8

CVE-2026-47747 7.8

CVE-2026-46448 5.4

CVE-2026-22313 9.1