CVE-2026-6891 MEDIUM

CVE-2026-6891

Vendor Canon Inc.
Product My Image Garden for macOS
Weakness CWE-59
Published May 28, 2026
Last update May 29, 2026

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

Key dates

02Disclosure timeline

May 28, 2026 CVE published
May 29, 2026 Record updated