Path Traversal Vulnerability in SSSD's Active Directory Group Policy Provider
CVE-2026-14476

8HIGH

What is CVE-2026-14476?

A path traversal flaw exists in SSSD's Active Directory Group Policy (AD GPO) provider. Specifically, the ad_gpo_extract_smb_components() function fails to properly sanitize '..' sequences in the gPCFileSysPath LDAP attribute. This vulnerability enables an attacker with management access to the AD GPO to write files outside of the designated GPO cache directory, even with root privileges. In environments with default Red Hat Enterprise Linux (RHEL) configurations and SELinux enforced, this vulnerability could lead to the injection of malicious Kerberos configurations, ultimately resulting in authentication bypass.

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Ian Murphy (Red Hat).
.