CVE-2026-29123 | THREATINT

Description

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-05 | Updated 2026-03-05 | Assigner Gridware

HIGH: 8.6CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

affected

SFX2100

affected

Credits

Abdul Mhanni finder

References

www.abdulmhsblog.com/posts/sfx2100-vulns/

cve.org (CVE-2026-29123)

nvd.nist.gov (CVE-2026-29123)

Download JSON