QwikSec

Security Database

CVE

CWE

Training

CVE-2026-6891

Published: May 28, 2026

Modified: May 29, 2026

PUBLISHED

CVSS v3.1

5.0

MEDIUM

Description

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

Vendor	Product	Versions
Canon Inc.	My Image Garden for macOS	affected `3.6.8 or earlier`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

https://psirt.canon/advisory-information/cp2026-004/

vendor-advisory

https://canon.jp/support/support-info/260528-2vulnerability-response

vendor-advisory

https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS

vendor-advisory

https://www.canon-europe.com/support/product-security/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.