What is GHSA-q9wc-hhm5-fjq7?

GHSA-q9wc-hhm5-fjq7 is a security advisory published by GitHub Security Advisories with Medium severity. Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8...

Which CVE IDs does GHSA-q9wc-hhm5-fjq7 cover?

GHSA-q9wc-hhm5-fjq7 covers the following CVE IDs: CVE-2026-6891. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-q9wc-hhm5-fjq7?

GHSA-q9wc-hhm5-fjq7 has a CVSS v3 base score of 5.0, published by GitHub Security Advisories.

GHSA-q9wc-hhm5-fjq7MediumCVSS 5.0

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-6891 →

📋 Description

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-6891
https://canon.jp/support/support-info/260528-2vulnerability-response
https://psirt.canon/advisory-information/cp2026-004
https://www.canon-europe.com/support/product-security
https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS
https://github.com/advisories/GHSA-q9wc-hhm5-fjq7