CVE-2026-14476
Red Hat · Red Hat Enterprise Linux (SSSD)
A path traversal vulnerability in the SSSD AD GPO provider of Red Hat Enterprise Linux allows for potential unauthorized file access.
Executive summary
A path traversal flaw in the SSSD AD GPO provider across multiple versions of Red Hat Enterprise Linux and OpenShift creates a high-risk security exposure.
Vulnerability
This vulnerability (CWE-23) is a relative path traversal flaw within the SSSD AD GPO provider. It requires high-privileged access (PR:H) to exploit, but allows for a container-escaped scope (S:C) to perform unauthorized file system operations.
Business impact
With a CVSS score of 8.0, this vulnerability poses a significant risk to the integrity and confidentiality of Linux environments. Although it requires high privileges, the ability to perform path traversal in the context of SSSD/AD integration could allow an attacker to read or manipulate sensitive system files, potentially leading to total system compromise.
Remediation
Immediate Action: Consult the Red Hat security advisory and apply the relevant SSSD patches for your specific RHEL or OpenShift version.
Proactive Monitoring: Review system audit logs for unauthorized file access attempts or anomalous behavior originating from the SSSD service.
Compensating Controls: Enforce strict file system permissions and ensure that high-privileged accounts are monitored through robust Identity and Access Management (IAM) practices.
Exploitation status
Public Exploit Available: false
Analyst recommendation
While the requirement for high privileges mitigates the immediate risk from external actors, this vulnerability remains a critical threat to internal security. System administrators should prioritize applying the vendor-provided patches during the next maintenance window to prevent potential privilege escalation or lateral movement.