THREAT OPS › Threat News › pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root
pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root
<p>Posted by Greg via Fulldisclosure on Jul 02</p>1. Advisory information<br /> -----------------------<br /> Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write as root<br /> Advisory: <a href="https://github.com/GregDurys/security-advisories" rel="nofollow">https://github.com/GregDurys/security-advisories</a><br /> GHSA: GHSA-2v7v-rhpw-m9w4<br /> CVE: CVE-20
Indicators of compromise
- CVE-2026-56815cve
Original source: https://seclists.org/fulldisclosure/2026/Jul/10