CVE-2026-6891
Possible ATT&CK Techniques 1AI
T1564.004 · NTFS File AttributesAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canon Inc. | My Image Garden for macOS | 3.6.8 or earlier | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6891
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Canon Inc. | My Image Garden for macOS | 3.6.8 or earlier | - |
II. Public POCs for CVE-2026-6891
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
default-local-qwen3.6 · 16630 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-6891
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-6891 (2)
- 🔗 「My Image Garden for macOS」のインストーラに関する脆弱性対応について|サポート|キヤノンvendor-advisory
IV. Related Vulnerabilities
Same weakness: CWE-59
- CVE-2026-6892
CUPS macOS打印机驱动符号链接权限绕过漏洞 - CVE-2026-45403
AnythingLLM: filesystem-copy-file follows nested symlinks an - CVE-2026-44881
Portainer: Arbitrary File Read via Git Symlink Injection in - CVE-2026-9804
Kubevirt: kubevirt: vmexport directory symlink escape enable - CVE-2026-44711
pam_usb: Symlink attacks on pad directory and pad files enab
V. Comments for CVE-2026-6891
No comments yet