cvedb.io
CVE-2026-6891
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2026-05-29T00:16:15.987 · Last modified 2026-06-17T11:01:28.860

Summary

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.