🟠 High | Source: Microsoft Security Response Center
A symlink traversal vulnerability in the Linux ACL (Access Control List) library versions prior to 2.4.0 allows attackers to exploit libacl functions to escalate privileges on affected systems. By manipulating symbolic links, a local attacker could gain elevated permissions beyond their intended access level. This is particularly relevant to Azure workloads running Linux-based virtual machines or containers that rely on the acl package.
Security Architect’s Take: Audit Linux-based Azure VMs, AKS node pools, and container images for acl package versions below 2.4.0 and prioritise upgrading to 2.4.0 or later. Additionally, enforce least-privilege policies and consider restricting local user access on shared compute resources to reduce the attack surface for local privilege escalation.
Original advisory: CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions