CVE-2026-6892
Awaiting Analysis Awaiting Analysis - Queue
Symbolic Link Handling Flaw in Canon CUPS Printer Driver for macOS

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: Canon Inc.

Description
Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization.Β  *:Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan) Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-6892
EUVD
EUVD-2026-33231
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
canon pixus_ix6800_series_cups_printer_driver to 16.91.0.0 (exc)
canon pixma_mg2500_series_cups_printer_driver to 16.91.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper handling of symbolic links in the installer of the CUPS Printer Driver for macOS. A local attacker who has login privileges can exploit a specially crafted symbolic link during the installation process to modify permissions of directories that they normally would not have authorization to change.

Specifically, the issue arises because the installer does not properly validate symbolic links, allowing a malicious user to alter file or directory permissions in an unauthorized way.

Impact Analysis

This vulnerability can allow a local attacker with login access to escalate their privileges by changing permissions on files or directories they should not have access to. This could lead to unauthorized modification of system files or configurations, potentially compromising system integrity or security.

Mitigation Strategies

To mitigate this vulnerability, users should update their Canon printer drivers to the latest versions provided by Canon on their software download page.

Installing the updated drivers ensures that the improper handling of symbolic links during installation is fixed, preventing unauthorized modification of directory permissions.

  • Visit Canon's official support page to download the latest printer driver versions.
  • Replace any affected printer drivers (such as PIXUS iX6800 Series and PIXMA MG2500 Series) with the updated versions.
  • Avoid using outdated drivers that are version 16.91.0.0 or earlier.
Compliance Impact

The vulnerability allows a local attacker with login privileges to exploit symbolic links during installation to modify directory permissions beyond their authorization. This improper permission modification could potentially lead to unauthorized access or alteration of sensitive data.

Such unauthorized permission changes may impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information. If exploited, this vulnerability could undermine these compliance requirements by enabling privilege escalation or unauthorized data access.

Canon has released updated drivers to address this issue, and users are advised to update to maintain security and compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6892. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart