CVE-2021-26910
HIGH7.0EPSS 0.05%firejail - security update
Published: 2/8/2021Modified: 4/28/2026
Description
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
Affected packages (3)
- Debian/firejailfrom 0, < 0.9.64.4-1
- Debian/firejailfrom 0, < 0.9.44.8-2+deb9u2
- Debian/firejailfrom 0, < 0.9.58.2-2+deb10u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |