[Japanese]

JVNDB-2026-017322

Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS

Overview

My Image Garden for MacOS and CUPS Printer Driver for macOS provided by Canon Inc. contain the following vulnerability.
  • Improper link resolution before file access ('Link following') (CWE-59) - CVE-2026-6891, CVE-2026-6892
Canon Inc. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.0 (Medium) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None
Affected Products


Canon Inc.
  • CUPS Printer Driver for macOS (CVE-2026-6892)
  • My Image Garden for macOS (CVE-2026-6891)

A wide range of products and versions use the affected products. For more information, refer to "Vendor Status" section below.
Impact

A local attacker with low privileges may change the permissions of unintended files or directories.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

Canon Inc.
CWE (What is CWE?)

  1. Link Following(CWE-59) [Other]
CVE (What is CVE?)

  1. CVE-2026-6891
  2. CVE-2026-6892
References

  1. JVN : JVNVU#93879027
Revision History

  • [2026/06/01]
      Web page was published

Date Public2026/05/29
Date First Published2026/06/01
Date Last Updated2026/06/01