Back to overview

CVE-2026-14476

HIGH
8.0
CVSS 3.1
Description
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass.

Metadata

CVE ID
CVE-2026-14476
State
PUBLISHED
Assigner
redhat
Reserved
2026-07-02 15:18 UTC
Published
2026-07-07 09:12 UTC
Last updated
2026-07-07 11:09 UTC
Primary CWE
CWE-23
Relative Path Traversal
Vendor / Product
Red Hat / Red Hat Enterprise Linux 10
Sources
cve.org  ·  NVD

Severity & Metrics

8.0 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products (6)
VendorProductPlatformVersions
Red Hat Red Hat Enterprise Linux 10
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Red Hat Red Hat OpenShift Container Platform 4
Weakness (CWE)
CWESourceDescription
CWE-23 cna Relative Path Traversal
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.0 HIGH 3.1 cna CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Back to overview