CVE-2026-29123

Severity CVSS v4.0:

HIGH

Type:

CWE-269 Improper Privilege Management

Publication date:

05/03/2026

Last modified:

05/03/2026

Description

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 8.60 HIGH
Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Attack Vector (AV): Local
Attack Complexity (AC): High
Attack Requirements (AT): Present
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): None
Confidentiality (SC): High
Integrity (SI): High
Availability (SA): None

Base Score 4.0

8.60

Severity 4.0

HIGH

References to Advisories, Solutions, and Tools

https://www.abdulmhsblog.com/posts/sfx2100-vulns/