🟠 High | Source: Microsoft Security Response Center
A symlink traversal vulnerability in the ‘attr’ package (versions below 2.6.0) allows an attacker to perform privilege escalation via the getfattr and setfattr utilities. By crafting a malicious symlink, a local attacker could read or modify extended file attributes outside their permitted scope, potentially gaining elevated privileges on affected systems. This is particularly relevant to Azure environments where Linux-based workloads or container images rely on this package.
Security Architect’s Take: Audit Linux-based Azure VMs, containers, and CI/CD pipeline images for ‘attr’ versions below 2.6.0 and update to 2.6.0 or later immediately. Pay particular attention to shared multi-tenant environments or any workload where local code execution by unprivileged users is possible, as privilege escalation from local access can be a critical stepping stone to broader compromise.
Original advisory: CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
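
One way to run the audit recommended above, as an added example that is not part of the advisory or the attr project: it compares package versions against the 2.6.0 fix and lists the targets that still need the update. The "target version" inventory format, the target names and the sample versions are constructed for illustration, and a `sort` that supports `-V` is assumed.

```shell
#!/bin/sh
# Added example: flag 'attr' versions below the fixed release from the advisory.
FIXED=2.6.0

# Reduce a package version to its upstream part: "1:2.5.1-4" -> "2.5.1".
upstream_version() {
    v=${1#*:}                    # drop a Debian-style epoch
    printf '%s\n' "${v%%-*}"     # drop the packaging revision
}

# Exit 0 when the upstream version sorts strictly below FIXED (needs sort -V).
attr_is_vulnerable() {
    up=$(upstream_version "$1")
    if [ -z "$up" ] || [ "$up" = "$FIXED" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$up" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$up" ]
}

# Version of attr on the local host, from whichever source is available.
installed_attr_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' attr 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' attr 2>/dev/null
    elif command -v getfattr >/dev/null 2>&1; then
        getfattr --version | awk '{print $NF}'
    fi
}

# Read "target version" lines on stdin and print the targets that need the update.
# A distro may backport a fix without changing the upstream version, so treat
# hits as candidates to confirm against the vendor's advisory (general caveat).
audit_inventory() {
    while read -r target version; do
        if attr_is_vulnerable "$version"; then
            printf '%s\tattr %s\tbelow %s\n' "$target" "$version" "$FIXED"
        fi
    done
}

# Constructed sample inventory (hypothetical image and host names).
sample_inventory() {
    cat <<'EOF'
ci-runner-image 1:2.5.1-4
build-vm-01 2.4.48-r0
api-container 2.6.0-1
batch-vm-02 2.10.0-2.el9
EOF
}

sample_inventory | audit_inventory
```

To check a single host, pass the output of `installed_attr_version` to `attr_is_vulnerable`; for a fleet, generate the inventory lines from your image registry or configuration management data.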