CNNVD-202601-3919 Information

CNNVD ID

CNNVD-202601-3919

CVE-2026-23893

  • CNNVD Published: 2026-01-22

Description (Chinese)

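openCryptoki is an open-source PKCS#11 library and set of tools for Linux from the openCryptoki project. openCryptoki 2.3.2 and later versions contain a link following vulnerability, which stems from symbolic links being followed when running in a privileged environment and may lead to privilege escalation or data disclosure.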

Description (English)

openCryptoki is an open-source PKCS#11 library and toolset for Linux, developed by the openCryptoki project. openCryptoki 2.3.2 and later versions have a link following vulnerability, caused by symbolic links being followed while running in a privileged environment, which may lead to privilege escalation or data leakage.

Hazard Level

High

Vulnerability Type

Link following

Affected Vendor

openCryptoki

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/opencryptoki/opencryptoki/commit/5e6e4b42f2b1fcc1e4ef1b920e463bfa55da8b45
  • https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-j6c7-mvpx-jx5q

Patch

https://github.com/opencryptoki/opencryptoki/releases
