CVE-2026-6891
Awaiting Analysis Awaiting Analysis - Queue
Symbolic Link Handling Flaw in My Image Garden for macOS

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: Canon Inc.

Description
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-6891
EUVD
EUVD-2026-33230
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
canon my_image_garden to 3.6.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the installer of My Image Garden for macOS Version 3.6.8 or earlier. It involves improper handling and validation of symbolic links during the installation process. A local attacker who has login privileges can exploit this by creating a specially crafted symbolic link. This exploitation allows the attacker to modify the permissions of files or directories that they would not normally be authorized to change.

Impact Analysis

The vulnerability can allow a local attacker with login access to escalate their privileges by changing file or directory permissions improperly. This could lead to unauthorized modification of files, potentially compromising system integrity or security. Although the attacker must already have local login privileges, the ability to alter permissions on files they normally cannot access increases the risk of further exploitation or data manipulation.

Mitigation Strategies

To mitigate this vulnerability, users should download and install the latest version of My Image Garden for macOS, specifically version 3.6.8a, which addresses the improper handling of symbolic links during installation.

This update fixes the issue that could allow a local attacker with login privileges to exploit a specially crafted symbolic link to modify file permissions improperly.

Users can obtain the updated installer from the official Canon software download page.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6891. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart