CVE-2026-11853 | THREATINT – Canadian Cyber Watch

Description

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.

PUBLISHED Reserved 2026-06-10 | Published 2026-06-10 | Updated 2026-06-10 | Assigner debian

Product status

Default status
unaffected

0.12.0 (semver) before 0.14.9
affected

References

salsa.debian.org/freexian-team/debusine/-/work_items/1484

salsa.debian.org/…xian-team/debusine/-/merge_requests/3103

salsa.debian.org/…c24cdc49fb258714767546bdec5b09f8065d414e

cve.org (CVE-2026-11853)

nvd.nist.gov (CVE-2026-11853)

Download JSON

Source link

What's Hot

Ex-school district employee jailed for hacks on former employer

Scientists Discover Vast Ancient ‘Necropolis’ Teeming With Strange New Creatures

Over 400 Arch Linux packages compromised to push rootkit, infostealer

CISA Adds One Known Exploited Vulnerability to Catalog

FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Catchy & Intriguing

IP Address Investigations and Local OSINT

Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular