CVE-2026-54228 – Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

CVE ID :CVE-2026-54228

Published : June 13, 2026, 3:16 a.m. | 33 minutes ago

Description :A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service’s SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9848 – WP Ticket

CVE-2026-54231 – Abrt: unsanitized systemd journal content written to dump directory files enables content injection

CVE-2026-54230 – Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

CVE-2026-54229 – Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking