CVE-2026-23893 — Link Following in Opencryptoki

CWE-59 — Link Following6 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.0%

top 99.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opencryptoki Opencryptoki Project Opencryptoki

Timeline

PublishedJan 22

Description

openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token directories, resulting in privilege escalation or data exposure. Token and lock directories are 0770 (group-writable for token users), so any token-group member can plant files and symlinks inside them. …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:LExploitability: 1.3 | Impact: 5.5

Affected Packages2 packages

▶CVEListV5opencryptoki/opencryptoki>= 2.3.2

▶NVDopencryptoki_project/opencryptoki

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-23893: openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX↗2026-01-22

▶

CVEList

openCryptoki has improper link resolution before file access (link following)↗2026-01-22

▶

📋Vendor Advisories

Red Hat

openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following↗2026-01-22

▶

Debian

CVE-2026-23893: opencryptoki - openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versio...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23893 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶