GHSA-whf7-7mxf-ww93 · Severity: medium — An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly...
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic information without verifying the file type or ownership. An unprivileged local attacker can exploit this behavior by creating a symbolic link (symlink) at a predictable destination path pointing to an arbitrary, root-readable file (such as /etc/shadow or private files within /root). When a root administrator or operator subsequently executes the pro collect-logs command, the tool follows the user-controlled symlink, reads the target file, and compresses its contents into the resulting diagnostic support archive. Because the output archive remains readable by the unprivileged user, the attacker can extract and read the sensitive root-owned files, leading to a complete information disclosure of system secrets.
Conclusion & alert: CVE-2026-12391 is rated Low Risk (30.8/100): CVSS Medium severity. Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
EPSS has not published a score for this CVE yet—common while NVD analysis or FIRST scoring is still pending. Monitor daily updates and reassess once scores appear.
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.0 | 3.1 | MEDIUM |
|
1.3 | 3.6 | [email protected] |
GHSA-whf7-7mxf-ww93 · Severity: medium — An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly...
| vendor | priority | summary | link |
|---|---|---|---|
ubuntu
|
medium | CVE-2026-12391 medium priority: Ubuntu including 1 source packages (ubuntu-advantage-tools), 9 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): released 6, ignored 1, needs-triage 1, not-affected 1. | https://ubuntu.com/security/CVE-2026-12391 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||