CVE-2026-6892
Summary
| CVE | CVE-2026-6892 |
|---|---|
| State | PUBLISHED |
| Assigner | Canon |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-29 00:16:16 UTC |
| Updated | 2026-05-29 14:46:09 UTC |
| Description | Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. *:Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan) Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe) |
Risk And Classification
Primary CVSS: v4.0 5.1 MEDIUM from f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000140000 probability, percentile 0.027680000 (date 2026-05-30)
Problem Types: CWE-59 | CWE-59 CWE-59 Improper link resolution before file access ('link following')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | f98c90f0-e9bd-4fa7-911b-51993f3571fd | Secondary | 5.1 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 5.1 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| 3.1 | f98c90f0-e9bd-4fa7-911b-51993f3571fd | Secondary | 5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
| 3.1 | CNA | CVSS | 5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
LowAttack Requirements
NonePrivileges Required
LowUser Interaction
PassiveConfidentiality
NoneIntegrity
HighAvailability
NoneSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
RequiredScope
UnchangedConfidentiality
NoneIntegrity
HighAvailability
NoneCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Canon Inc. | Canon PIXUS IX6800 Series CUPS Printer Driver For MacOS | affected 16.91.0.0 or earlier | Not specified |
| CNA | Canon Inc. | PIXMA MG2500 Series CUPS Printer Driver For MacOS | affected 16.91.0.0 or earlier | Not specified |
| CNA | Canon Inc. | PIXMA IX6800 Series CUPS Printer Driver For MacOS | affected 16.91.0.0 or earlier | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Re... | f98c90f0-e9bd-4fa7-911b-51993f3571fd | www.usa.canon.com | |
| canon.jp/support/support-info/260528-1vulnerability-response | f98c90f0-e9bd-4fa7-911b-51993f3571fd | canon.jp | |
| psirt.canon/advisory-information/cp2026-004 | f98c90f0-e9bd-4fa7-911b-51993f3571fd | psirt.canon | |
| www.canon-europe.com/support/product-security | f98c90f0-e9bd-4fa7-911b-51993f3571fd | www.canon-europe.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.