Cyber Resilience

CVE-2026-41054

High · Updated

Published: 20 May 2026

Modified: 17 June 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (8.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-41054 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Suse (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 8.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects that the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
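A reduced model of the control-flow flaw described above, next to one way to close it, as an added example that is not haveged's code or its patch. The handler and helper names, `ASCII_ACK`, `MAGIC_UNKNOWN`, the numeric values and the sample UIDs are assumptions made for illustration; in a real daemon the peer UID comes from the kernel-supplied socket credential rather than a parameter.

```c
#include <stdio.h>
#include <sys/types.h>
/* Stand-in values for this sketch; the real definitions live in haveged's source. */
#define ASCII_ACK 0x06
#define ASCII_NAK 0x15
enum { MAGIC_CHROOT = 1, MAGIC_UNKNOWN = 99 };
struct outcome { unsigned char prepared_reply; int privileged_ran; };
/* Models the switch: returns 1 when a privileged command was carried out. */
static int dispatch(int cmd) {
    switch (cmd) {
    case MAGIC_CHROOT: return 1;   /* the real daemon would act as root here */
    default:           return 0;
    }
}

/* Flawed shape: the NAK is prepared, but nothing stops the fall-through. */
struct outcome handle_flawed(uid_t peer_uid, int cmd) {
    struct outcome o = { ASCII_ACK, 0 };
    if (peer_uid != 0)
        o.prepared_reply = ASCII_NAK;   /* decision recorded, not enforced */
    o.privileged_ran = dispatch(cmd);
    return o;
}

/* Hardened shape: deny by default and return before the switch is reached. */
struct outcome handle_fixed(uid_t peer_uid, int cmd) {
    struct outcome o = { ASCII_NAK, 0 };
    if (peer_uid != 0)
        return o;
    o.prepared_reply = ASCII_ACK;
    o.privileged_ran = dispatch(cmd);
    return o;
}

/* Regression check: how many privileged commands ran for non-root peers? */
int unauthorized_runs(struct outcome (*h)(uid_t, int)) {
    const uid_t uids[] = { 0, 1, 1000, 65534 };          /* constructed sample peers */
    const int cmds[] = { MAGIC_CHROOT, MAGIC_UNKNOWN };
    int n = 0;
    for (size_t i = 0; i < sizeof uids / sizeof uids[0]; i++)
        for (size_t j = 0; j < sizeof cmds / sizeof cmds[0]; j++)
            if (uids[i] != 0 && h(uids[i], cmds[j]).privileged_ran) n++;
    return n;
}

int main(void) {
    printf("flawed=%d fixed=%d\n", unauthorized_runs(handle_flawed), unauthorized_runs(handle_fixed));
    return 0;
}
```

A check like `unauthorized_runs` belongs in the daemon's test suite so that any later refactor of the handler that reintroduces the fall-through fails the build.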

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local auth bypass on privileged UNIX socket allows unprivileged users to issue root-level commands (e.g. MAGIC_CHROOT), directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-41733 · Shared CWE-305
CVE-2026-41052 · Shared CWE-305
CVE-2026-3047 · Shared CWE-305
CVE-2026-0869 · Shared CWE-305
CVE-2025-58382 · Shared CWE-305
CVE-2026-6266 · Shared CWE-305
CVE-2023-36497 · Shared CWE-305
CVE-2026-33892 · Shared CWE-305
CVE-2024-49587 · Shared CWE-305
CVE-2024-1403 · Shared CWE-305

Affected Assets

Suse
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

Hardening callouts (derived)

Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).

Ubuntu 22.04 (1 rule)
  • V-260470 Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. via CWE-305
Ubuntu 24.04 (1 rule)
  • V-270675 Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes. via CWE-305
Windows 10 (2 rules)
  • V-220812 Credential Guard must be running on Windows 10 domain-joined systems. via CWE-305
  • V-220865 The Windows Remote Management (WinRM) service must not use Basic authentication. via CWE-305
