Published: 2026/05/29  Last Updated: 2026/05/29

JVNVU#93879027
Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS

Overview

My Image Garden for macOS and CUPS Printer Driver for macOS provided by Canon Inc. contain a vulnerability that allows access to unintended files or directories due to improper resolving of links when accessing files.

Products Affected

CVE-2026-6891
  • My Image Garden for macOS

CVE-2026-6892
  • CUPS Printer Driver for macOS

A wide range of products and versions use the affected products. For more information, refer to the "Vendor Status" section below.

Description

My Image Garden for macOS and CUPS Printer Driver for macOS provided by Canon Inc. contain the following vulnerability.

  • Improper link resolution before file access ('Link following') (CWE-59)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Base Score 5.0
    • CVE-2026-6891, CVE-2026-6892

Impact

A local attacker with low privileges may change the permissions of unintended files or directories.
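
For developers who need to guard their own code against this class of issue (CWE-59 leading to an unintended permission change), the following added example shows a permission change that refuses to follow a symbolic link. It is a generic illustration, not Canon's code and not a description of the affected products' internals; the names set_mode_nofollow and demo and the temporary paths are hypothetical and constructed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* expose O_NOFOLLOW, mkdtemp, fchmod */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not vendor code): chmod a regular file, never a symlink target. */
int set_mode_nofollow(const char *path, mode_t mode)
{
    /* O_NOFOLLOW: open() fails with ELOOP if `path` itself is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the opened object, not the path; refuse non-regular or hard-linked files. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchmod(fd, mode); /* acts on the descriptor, path is not re-resolved */
    close(fd);
    return rc;
}

/* Constructed demo in a private temp dir. Returns 1 if a symlink is refused,
 * its target keeps mode 0600, and a direct call on the file succeeds. */
int demo(void)
{
    char dir[] = "/tmp/lnkdemoXXXXXX", target[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(target, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(target, lnk) != 0) return -1;
    int via_link = set_mode_nofollow(lnk, 0666);
    int kept = stat(target, &st) == 0 && (st.st_mode & 0777) == 0600;
    int direct = set_mode_nofollow(target, 0640);
    int changed = stat(target, &st) == 0 && (st.st_mode & 0777) == 0640;
    unlink(lnk); unlink(target); rmdir(dir);
    return via_link == -1 && kept && direct == 0 && changed;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

O_NOFOLLOW only covers the final path component; symbolic links in parent directories are still resolved, so privileged code should also work inside a directory that unprivileged users cannot write to.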

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Credit

Canon Inc. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
