CVE-2026-6891

Summary

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

Affected Software

VendorProductVersion RangeStatus
Canon Inc.My Image Garden for macOS3.6.8 or earlieraffected

Weaknesses

  • CWE-59: CWE-59 Improper link resolution before file access ('link following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References