Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Chmod Can Access Sensitive Files Through Symlink
GO-2026-4864
CVE-2026-32282
Summary
Linux systems using the Chmod function may allow unauthorized access to sensitive files if an attacker replaces the target with a symbolic link. This could potentially lead to unauthorized changes or data theft. To mitigate this risk, ensure that only trusted processes are allowed to use Chmod, and consider implementing additional controls to prevent symlink replacement.
What to do
- Update stdlib to version 1.26.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | stdlib | > 1.26.0-0 , <= 1.26.2 | 1.26.2 |
Original title
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root...
Original description
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026