CVE-2026-6892 - Vulnerability Details

Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. *:Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan) Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Canon	Pixma Ix6800 Series Cups Printer Driver For Macos Pixma Mg2500 Series Cups Printer Driver For Macos Pixus Ix6800 Series Cups Printer Driver For Macos

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Canon	Pixma Ix6800 Series Cups Printer Driver For Macos Pixma Mg2500 Series Cups Printer Driver For Macos Pixus Ix6800 Series Cups Printer Driver For Macos

References

Link	Providers
https://canon.jp/support/support-info/260528-1vulnerability-response
https://psirt.canon/advisory-information/cp2026-004/
https://www.canon-europe.com/support/product-security/
https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS

History

Fri, 29 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 29 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canon Canon pixma Ix6800 Series Cups Printer Driver For Macos Canon pixma Mg2500 Series Cups Printer Driver For Macos Canon pixus Ix6800 Series Cups Printer Driver For Macos
Vendors & Products		Canon Canon pixma Ix6800 Series Cups Printer Driver For Macos Canon pixma Mg2500 Series Cups Printer Driver For Macos Canon pixus Ix6800 Series Cups Printer Driver For Macos

Fri, 29 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS() may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. :Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan) Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)
Weaknesses		CWE-59
References		https://canon.jp/support/support-info/260528-1vulnerability-response https://psirt.canon/advisory-information/cp2026-004/ https://www.canon-europe.com/support/product-security/ https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Canon

Published: 2026-05-29T00:00:37.110Z

Updated: 2026-05-29T16:51:57.049Z

Reserved: 2026-04-23T04:25:26.676Z

Link: CVE-2026-6892

Vulnrichment

Updated: 2026-05-29T16:45:37.207Z

NVD

Status : Awaiting Analysis

Published: 2026-05-29T00:16:16.847

Modified: 2026-05-29T14:46:09.837

Link: CVE-2026-6892

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:47:39Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object