What the vulnerability does

01Description

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

Key dates

02Disclosure timeline

January 22, 2024 CVE published
May 30, 2025 Record updated

Related vulnerabilities

04Related CVE