CVE-2026-54231 – Abrt: unsanitized systemd journal content written to dump directory files enables content injection

CVE ID :CVE-2026-54231

Published : June 13, 2026, 3:16 a.m. | 33 minutes ago

Description :A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11769 – Operator – Namespaced User Path Traversal

CVE-2026-9848 – WP Ticket

CVE-2026-54230 – Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

CVE-2026-54229 – Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking