Security News

Cybersecurity news aggregator

🔓
MEDIUM Vulnerabilities Ubuntu Security

USN-7999-1: Filelock vulnerabilities

filelockcve-2026-22701cve-2025-68146denial-of-servicerace-condition
  • What: The Filelock package has two vulnerabilities: incorrect handling of symlinks in temp files and a race condition in the file locking implementation.
  • Why: These issues could allow a local attacker to cause lock operations to fail, behave unexpectedly, cause a denial of service, or corrupt arbitrary user files.
  • Impact: Systems using the Filelock package are potentially vulnerable to local exploitation.
Read Full Article →

It was discovered that Filelock incorrectly handled symlinks in temp files. A local attacker could possibly use this issue to cause lock operations to fail or behave unexpectedly. (CVE-2026-22701) It was discovered that the file locking implementation in the Filelock package contained a race condition. A local attacker could possibly use this to cause a denial of service or corrupt arbitrary user files. (CVE-2025-68146)

Related Articles

HIGH Multiples vulnérabilités dans les produits IBM (27 février 2026) CERT-FR (ANSSI) INFO CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock Microsoft Security Response Center MEDIUM CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation Microsoft Security Response Center CRITICAL CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) Help Net Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn