You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 41054
About this tag
CVE-2026-41054 is a local privilege-escalation vulnerability in the Linux haveged entropy daemon, fixed in haveged 1.9.21. The flaw allows unprivileged users to reach privileged daemon commands due to a failed root-only command-socket permission check. While not a remote wormable issue, it poses a risk in mixed Windows and Linux environments where Linux daemons run via WSL, containers, or cloud images. For WindowsForum readers, the key takeaway is the importance of patching haveged to prevent local root escalation from a low-privilege foothold. The tag covers this specific CVE, its impact on hybrid IT estates, and the associated patch guidance.
CVE-2026-41054 is a local privilege-escalation flaw in the Linux haveged entropy daemon, disclosed and fixed in haveged 1.9.21 on May 19–20, 2026, in which a failed root-only command-socket permission check still allowed unprivileged users to reach privileged daemon commands. The bug is not a...