Platform
linux
Component
util-linux
Fixed in
2.41.5
CVE-2026-27456 identifies a race condition vulnerability in the util-linux suite, specifically in the /usr/bin/mount binary. The flaw allows a local attacker to potentially escalate privileges by manipulating file paths during loop device setup. It affects versions prior to 2.41.4, and a patch has been released to address it.
The vulnerability lies in the mount binary's handling of loop device setup. It performs a check on the source file path using user privileges, but subsequently re-canonicalizes and opens the file with root privileges without re-verifying the path. This TOCTOU (Time-of-Check-Time-of-Use) condition allows an attacker to replace the file between the check and the open, potentially leading to arbitrary code execution with root privileges. Successful exploitation could grant an attacker complete control over the affected system, enabling data theft, system modification, and further malicious activities. The potential for privilege escalation makes this a significant security concern.
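The flaw described above is the check-on-path, then use-by-path pattern. The following is an added example, not util-linux code, of the descriptor-based alternative: open the source file once, validate the open descriptor with fstat(), and hand that descriptor rather than the path to the privileged loop setup step, so a path change after the check cannot redirect it. The function names and the temporary files it creates are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a loop-device backing file once and validate the descriptor, not the
 * path: fstat() on the fd cannot be redirected by a later path change, and
 * O_NOFOLLOW rejects a symlink as the final path component. Returns the fd
 * (or -1) and reports the validated inode through *ino for the caller's audit. */
int open_backing_file_checked(const char *path, ino_t *ino)
{
    int fd = open(path, O_RDWR | O_CLOEXEC | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    *ino = st.st_ino;
    return fd;   /* hand this fd, not the path, to the privileged step */
}

/* Constructed scenario: after the fd is validated, the path is repointed at a
 * different file. Returns 1 if the fd still refers to the validated inode
 * while a fresh path-based lookup now sees another file, else 0. */
int demo_fd_survives_path_swap(void)
{
    char dir[] = "/tmp/toctou_demo_XXXXXX";
    char img[PATH_MAX], other[PATH_MAX];
    if (!mkdtemp(dir)) return 0;
    snprintf(img, sizeof img, "%s/image.img", dir);
    snprintf(other, sizeof other, "%s/other.img", dir);
    close(open(img, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));

    ino_t checked;
    int fd = open_backing_file_checked(img, &checked);
    if (fd < 0) return 0;
    rename(other, img);   /* the path now names a different file */

    struct stat by_fd, by_path;
    int ok = fstat(fd, &by_fd) == 0 && stat(img, &by_path) == 0
             && by_fd.st_ino == checked && by_path.st_ino != checked;
    close(fd);
    unlink(img);
    rmdir(dir);
    return ok;
}
```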
CVE-2026-27456 was publicly disclosed on 2026-04-03. The vulnerability's severity is rated as MEDIUM (CVSS 4.7). There is currently no indication of active exploitation campaigns or publicly available exploits. It is not listed on the CISA KEV catalog at the time of writing. The vulnerability's local nature and the need for precise timing may limit its widespread exploitation.
Exploit Status
EPSS
0.01% (1st percentile)
The primary mitigation is to upgrade util-linux to version 2.41.4 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. One potential workaround involves restricting access to the /usr/bin/mount binary or implementing stricter file access controls to prevent unauthorized modifications during the loop device setup process. Monitoring system logs for suspicious mount activity can also aid in detection. After upgrading, confirm the fix by attempting to reproduce the vulnerability with a test file and observing that the mount operation fails or behaves as expected.
Update the util-linux package to version 2.41.4 or higher to mitigate the TOCTOU vulnerability. This update corrects the incorrect source file path validation during loop device setup, preventing arbitrary code execution as root.
CVE-2026-27456 is a Race Condition vulnerability in util-linux versions before 2.41.4 affecting the /usr/bin/mount binary, allowing potential privilege escalation.
You are affected if you are running util-linux versions prior to 2.41.4. Check your system's util-linux version to determine if you are vulnerable.
Upgrade util-linux to version 2.41.4 or later. If immediate upgrade is not possible, consider temporary workarounds like restricting access to /usr/bin/mount.
There is currently no indication of active exploitation campaigns or publicly available exploits for CVE-2026-27456.
Refer to the official util-linux project website or relevant security mailing lists for the advisory related to CVE-2026-27456.