ByteOS Network

NVD Vulnerability Details :

CVE-2026-11853

Deferred

Source-security@debian.org

Published At-10 Jun, 2026 | 10:16

Updated At-10 Jun, 2026 | 20:11

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-59	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-59

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e	security@debian.org	N/A
https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103	security@debian.org	N/A
https://salsa.debian.org/freexian-team/debusine/-/work_items/1484	security@debian.org	N/A