{"id":81261,"date":"2026-06-30T04:39:34","date_gmt":"2026-06-30T01:09:34","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-58302-linuxcnc-rtapi_app-privilege-escalation\/"},"modified":"2026-06-30T04:39:34","modified_gmt":"2026-06-30T01:09:34","slug":"cve-2026-58302-linuxcnc-rtapi_app-privilege-escalation","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-58302-linuxcnc-rtapi_app-privilege-escalation\/","title":{"rendered":"CVE-2026-58302 &#8211; LinuxCNC rtapi_app Privilege Escalation"},"content":{"rendered":"<p>CVE ID :CVE-2026-58302<\/p>\n<p>  Published : June 30, 2026, 1:09 a.m. | 2\u00a0hours, 36\u00a0minutes ago<\/p>\n<p>  Description :rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.<\/p>\n<p>  Severity: 8.4 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-58302 Published : June 30, 2026, 1:09 a.m. | 2\u00a0hours, 36\u00a0minutes ago Description :rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81261","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81261"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81261\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}