<Vulnerability name="CVE-2026-15392">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-14T15:34:01</PublicDate>
    <Bugzilla id="2500029" url="https://bugzilla.redhat.com/show_bug.cgi?id=2500029" xml:lang="en:us">
perl-DBI: DBD::File: Arbitrary file read/write via symlink vulnerability
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.3</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-59</CWE>
    <Details xml:lang="en:us" source="Mitre">
DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location.

The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any path outside of the configured f_dir and f_dir_search directories.

Callers of file-based drivers can read or write files outside of the data directory.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in DBD::File. The `complete_table_name` method, responsible for building absolute table file paths, does not verify if the file is a symbolic link. This oversight allows a local attacker to create a symbolic link within the data directory that points to an arbitrary file outside of the intended data storage. Consequently, file-based drivers can be tricked into reading from or writing to unauthorized files, potentially leading to information disclosure or data corruption.
    </Details>
    <Statement xml:lang="en:us">
This Moderate flaw in DBD::File allows a local attacker to achieve arbitrary file read and write access. By creating a symbolic link within the data directory, an attacker can trick file-based drivers into accessing files outside of the intended directories, leading to potential information disclosure or data corruption. This issue is only exploitable by local attackers with write access to the directory used by an application using DBD::File perl module to write or read database data files.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this issue, ensure that directories used by applications using `DBD::File` for data storage have restricted write permissions, preventing untrusted local users from creating symbolic links. This operational control limits an attacker's ability to exploit the vulnerability by preventing the creation of malicious symlinks.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-DBI</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>perl-DBI</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-DBI</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-DBI</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-DBI:1.641/perl-DBI</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-DBI</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-15392
https://nvd.nist.gov/vuln/detail/CVE-2026-15392
https://github.com/perl5-dbi/dbi/commit/96d62dfe4528bf56fe13f413ed323d4252531728.patch
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-mh3j-xwf4-jrqw
https://metacpan.org/release/HMBRAND/DBI-1.651/changes
    </References>
</Vulnerability>