CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability

Published: May 8, 2026 at 08:00 AM EDT
Source: Linode Blog

Summary

Akamai has mitigated a local privilege escalation vulnerability in the Akamai Guardicore Platform Agent for macOS and Linux. Fixed versions have been available since early April 2026. Users are strongly encouraged to upgrade if they have not already done so.

Affected Products

  • Akamai Guardicore Platform Agent (macOS, Linux)
  • Akamai Zero Trust Client (macOS, Linux)
  • Akamai Guardicore Platform Agent (Windows) – affected by a related issue, but not immediately exploitable.

Vulnerability Details

  • The services create an IPC socket in the world‑writable /tmp directory that accepts unauthenticated IPC control messages.
  • This enables a TOCTOU vulnerability in the HandleSaveLogs() function: a log file can be manipulated into a symlink pointing to an arbitrary path, allowing an unprivileged local user to make arbitrary root‑owned files world‑writable.
  • A diagnostic collection tool (gimmelogs) running with root privileges is vulnerable to command injection from the dbstore, providing a second privilege‑escalation vector.
  • On Windows, the same command‑injection vector exists but is not immediately exploitable; it does allow creation of a diagnostic zip file at an arbitrary location.
  • The attack requires local access to the workstation or server and is not remotely exploitable.

The vulnerability is tracked as CVE‑2026‑34354.

Mitigation

  • macOS and Linux customers: Upgrade the client following Akamai’s online documentation or contact the Akamai Control Center Portal for assistance. The installation steps for the Akamai Zero Trust Client are identical.
  • Windows customers: No immediate risk, but upgrading during the regular maintenance window is recommended to benefit from enhanced security hardening and file‑system protections.

Credits

The vulnerability was discovered internally by Rajesh Sharma.
