CVE-2026-6891NVD

Vulnerability Summary

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

Severity Level

MEDIUM(5.0)

Published Date

May 28, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeUnchanged

ConfidentialityNone

IntegrityHigh

AvailabilityNone

External References

https://psirt.canon/advisory-information/cp2026-004/
https://canon.jp/support/support-info/260528-2vulnerability-response
https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS
https://www.canon-europe.com/support/product-security/