Improper Symbolic Link Handling in My Image Garden for macOS by Canon
CVE-2026-6891

5.1MEDIUM

Key Information:

Vendor

Canon Inc.

Status
My Image Garden For Mac OS
Vendor
CVE Published:
28 May 2026

What is CVE-2026-6891?

The installer for My Image Garden on macOS versions 3.6.8 and earlier contains a flaw in the handling of symbolic links. This weakness allows a local attacker with valid login credentials to manipulate a specially crafted symbolic link during the installation process. Consequently, the attacker could gain unauthorized permission to modify files, leading to potential data compromise and unauthorized access to sensitive information.

Affected Version(s)

My Image Garden for macOS 3.6.8 or earlier

References

https://psirt.canon/advisory-information/cp2026-004/
vendor-advisory
https://canon.jp/support/support-info/260528-2vulnerabili...
vendor-advisory
https://www.usa.canon.com/support/canon-product-advisorie...
vendor-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.