Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4177 articles · 176190 vulns · 36/41 feeds (7d)
← Back to list
—
CVE-2026-59674PATCHED
su · opensuse tumbleweed

LPE from suricata user to root due to chown in %post in suricata packaging

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root. This issue affects openSUSE Tumbleweed: from ? before 8.0.5-2.1; openSUSE Tumbleweed: from ? before 8.0.5-2.1.

Affected Products

VendorProductVersions
suopensuse tumbleweed?, ?

References

  • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-59674

Related News (1 articles)

Tier C
VulDB1d ago
CVE-2026-59674 | SUSE openSUSE up to 6.0.4 symlink
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
Patch available
8.0.5-2.1
CWECWE-61
PublishedJul 14, 2026
Last enriched1d agov2
Trending Score22
Source articles1
Independent1
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHPRE-CVE
Local Denial-of-Service Attack Vectors in seunshare
Trending: 27
NONECVE-2025-8412
VMDP: Potential buffer overflow in the RtlQueryRegistryValues function
Trending: 18
CRITICALCVE-2026-44937EXP
SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components
Trending: 12
MEDIUMCVE-2026-44936EXP
Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
Trending: 10
NONECVE-2026-44934EXP
Exposed tokens in SUSE Rancher AI Agent logs
Trending: 9

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, affectedVersions, severity
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v2
Last enriched 1d ago
v2Tier C1d ago

Updated vendor to SUSE, product to openSUSE, severity to CRITICAL, and affected versions to 'up to 6.0.4', along with a new description.

descriptionaffectedVersionsseverity
via VulDB
v11d ago

Initial creation