VYPR

App Framework Binder

by Automotivelinux

CVEs (2)

  • CVE-2026-37526HigMay 1, 2026
    risk 0.51cvss 7.8epss 0.00

    AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The…

  • CVE-2026-37525HigMay 1, 2026
    risk 0.51cvss 7.8epss 0.00

    AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling…