CVE-2026-6892
Description
Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization.
*: Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan)
Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A symlink validation flaw in the Canon CUPS printer driver installer (versions ≤16.91.0.0) allows local attackers with login privileges to alter directory permissions.
Vulnerability
The Canon CUPS Printer Driver for macOS installer improperly validates symbolic links during installation [1]. Affected versions are Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan) and Canon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe). The flaw exists in the installer's handling of symlinks that can be manipulated by a local attacker with login privileges.
Exploitation
To exploit, an attacker must have local login access to the macOS system and create a specially crafted symbolic link pointing to a target directory for which they lack normal write permissions. When the legitimate user or administrator runs the affected printer driver installer, the installer follows the malicious symlink and applies permission changes to the attacker-specified directory instead of the intended installation location. No additional authentication or user interaction beyond running the installer is required [1].
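The weak and hardened forms of the permission change described above, as an added example that is not Canon's installer code (the page has no source for it). It is a generic Python sketch; the function names and the temporary `staging` and `protected` directories are constructed for illustration.

```python
import os
import stat
import tempfile


def chmod_following(path, mode):
    """Weak form: os.chmod resolves a symlink at `path` and changes its target."""
    os.chmod(path, mode)


def chmod_dir_nofollow(path, mode):
    """Hardened form: refuse a symlink at `path`, then change the opened inode."""
    # O_NOFOLLOW makes the open fail if the final component is a symlink;
    # O_DIRECTORY makes it fail if it is not a directory.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        if not stat.S_ISDIR(os.fstat(fd).st_mode):
            raise NotADirectoryError(path)
        os.fchmod(fd, mode)  # acts on the descriptor, so the path cannot be swapped
    finally:
        os.close(fd)


def demo():
    """Constructed scenario inside a temp dir.

    Returns (hardened_refused, mode_after_hardened, mode_after_weak).
    """
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected")  # stands in for a protected directory
        os.mkdir(protected)
        os.chmod(protected, 0o700)
        staging = os.path.join(root, "staging")  # path the installer expects to own
        os.symlink(protected, staging)           # pre-planted link (constructed)

        try:
            chmod_dir_nofollow(staging, 0o777)
            refused = False
        except OSError:
            refused = True
        after_hardened = stat.S_IMODE(os.stat(protected).st_mode)

        chmod_following(staging, 0o777)
        after_weak = stat.S_IMODE(os.stat(protected).st_mode)
        return refused, after_hardened, after_weak


if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` guards only the final path component, so an installer working under a parent directory that other users can write to needs the same treatment for each component (for example by opening each level relative to the previous descriptor).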
Impact
Successful exploitation allows the attacker to modify the permissions of directories they would not normally be authorized to change. This could result in unauthorized access to sensitive files or further local privilege escalation, as the permission alteration may grant the attacker read, write, or execute rights on protected directories [1].
Mitigation
Canon has released updated macOS printer driver packages that correct the symlink validation issue. Users should download and install the latest drivers from the Canon software download page for their region. The fixed drivers are available as of the advisory publication date [1]. No workarounds have been documented, and this CVE is not listed on the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=16.91.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- canon.jp/support/support-info/260528-1vulnerability-response (nvd)
- psirt.canon/advisory-information/cp2026-004/ (nvd)
- www.canon-europe.com/support/product-security/ (nvd)
- www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS (nvd)
News mentions
No linked articles in our index yet.