HomeCVE Intelligence › CVE-2026-56815
CVSS 8.0 HIGH Zero-Day Exploit

CVE-2026-56815: pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file w…

<p>Posted by Greg via Fulldisclosure on Jul 02</p>1. Advisory information<br> -----------------------<br> Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write…

8.0CVSS Score
HIGHSeverity
NOCISA KEV
Zero-Day ExploitImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-56815
VendorSecLists
Affected ProductMultiple Targets
Vulnerability TypeZero-Day Exploit
CVSS Score8.0 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via fulldisclosure)

🔬 Technical Analysis

<p>Posted by Greg via Fulldisclosure on Jul 02</p>1. Advisory information<br> -----------------------<br> Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write as root<br> Advisory: <a rel="nofollow" href="https://github.com/GregDurys/security-advisories">https://github.com/GregDurys/security-advisories</a><br> GHSA: GHSA-2v7v-rhpw-m9w4<br> CVE: CVE-2026-56815<br> Class: CWE-59 (Improper Link Resolution Before File Access), <br> CWE-367 (Time-of-check Time-of-use Race Condit

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com/GregDurys/security-advisories">https://github.com/GregDurys/security-advi","confidence_score":0.82,"first_seen":"2026-07-02","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-56815 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence