Insecure Temporary File Affecting linuxfabrik-lib package, versions [,4.2.0)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-LINUXFABRIKLIB-17838377
  • published6 Jul 2026
  • disclosed6 Jul 2026
  • creditUnknown

Introduced: 6 Jul 2026

NewCVE-2026-53759  (opens in a new tab)
CWE-377  (opens in a new tab)

How to fix?

Upgrade linuxfabrik-lib to version 4.2.0 or higher.

Overview

linuxfabrik-lib is a Python libraries used in various Linuxfabrik projects, including the 'Linuxfabrik Monitoring Plugins' project.

Affected versions of this package are vulnerable to Insecure Temporary File in the process that creates SQLite databases at predictable paths in /tmp. An attacker can overwrite or modify arbitrary files by creating symlinks at these paths, which are then followed by the monitoring scripts. This can result in unauthorized modification of files or denial of service by corrupting or replacing important files when the scripts are executed with elevated privileges. This is only exploitable if an attacker has already compromised the account used to execute the monitoring scripts and the system does not employ protections such as isolated temporary directories.

CVSS Base Scores

version 4.0
version 3.1