VDB
CVE-2026-31979
CVE-2026-31979
PUBLISHED
CVSS 8.800000190734863 HIGH
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_<uid> without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon's systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8.
EPSS 0.02% · 6.5th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.02%
6.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| himmelblau-idm | himmelblau | >= 1.0.0, < 2.3.8, >= 3.0.0-alpha, < 3.1.0, 1.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-31979 (circl-sighting)
- CIRCL seen: CVE-2026-31979 (circl-sighting)
- https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-44wm-q286-ghq3 (nist-nvd)
Timeline
- Mar 11, 2026 PoC Published
- Mar 11, 2026 CVE Published
- Mar 11, 2026 CVE Updated
- Mar 12, 2026 EPSS Score
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Coalition ESS Score
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 EPSS Score