Search for vulnerabilities
Vulnerability details: VCID-9ecj-5atm-aaag
Vulnerability ID VCID-9ecj-5atm-aaag
Aliases CVE-2022-26691
MNDT-2022-0026
MNDT-2022-0026
Summary A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-697 Incorrect Comparison
CWE-269 Improper Privilege Management
CWE-288 Authentication Bypass Using an Alternate Path or Channel
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:4990
rhas Important https://access.redhat.com/errata/RHSA-2022:5054
rhas Important https://access.redhat.com/errata/RHSA-2022:5055
rhas Important https://access.redhat.com/errata/RHSA-2022:5056
rhas Important https://access.redhat.com/errata/RHSA-2022:5057
cvssv3 6.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26691.json
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
epss 9e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-26691
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2084321
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26691
cvssv3 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26691
cvssv3.1 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26691
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26691.json
https://api.first.org/data/v1/epss?cve=CVE-2022-26691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apple-oss-distributions/cups/commits/cups-499.4/cups/scheduler/cert.c
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/
https://support.apple.com/en-us/HT213183
https://support.apple.com/en-us/HT213184
https://support.apple.com/en-us/HT213185
https://www.debian.org/security/2022/dsa-5149
1011769 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011769
2084321 https://bugzilla.redhat.com/show_bug.cgi?id=2084321
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-26691 https://nvd.nist.gov/vuln/detail/CVE-2022-26691
GLSA-202402-17 https://security.gentoo.org/glsa/202402-17
RHSA-2022:4990 https://access.redhat.com/errata/RHSA-2022:4990
RHSA-2022:5054 https://access.redhat.com/errata/RHSA-2022:5054
RHSA-2022:5055 https://access.redhat.com/errata/RHSA-2022:5055
RHSA-2022:5056 https://access.redhat.com/errata/RHSA-2022:5056
RHSA-2022:5057 https://access.redhat.com/errata/RHSA-2022:5057
USN-5454-1 https://usn.ubuntu.com/5454-1/
USN-5454-2 https://usn.ubuntu.com/5454-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26691.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2022-26691
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-26691
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-26691
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.00779
EPSS Score 0.0001
Published At May 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.