{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-52906/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-14T04:30:31.711Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-52906","@id":"https://www.cve.org/CVERecord?id=CVE-2026-52906","description":"In the Linux kernel, the following vulnerability has been resolved:\n\n9p: fix access mode flags being ORed instead of replaced\n\nSince commit 1f3e4142c0eb (\"9p: convert to the new mount API\"),\nv9fs_apply_options() applies parsed mount flags with |= onto flags\nalready set by v9fs_session_init(). For 9P2000.L, session_init sets\nV9FS_ACCESS_CLIENT as the default, so when the user mounts with\n\"access=user\", both bits end up set. Access mode checks compare\nagainst exact values, so having both bits set "},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:6.19:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:6.19:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 7.0.4, 7.1-rc1, b8f037e87a083291190204b959cda417aaf01058, da2346a48a5a1fed86c3fe3d73c0b60e7b3027c9.","timestamp":"2026-06-14T04:30:31.711Z"}]}