CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability

May 08, 2026

Akamai InfoSec

Akamai has mitigated a local privilege escalation vulnerability in Akamai Guardicore Platform Agent for macOS and Linux. Updated versions containing a fix for this vulnerability have been available since the beginning of April 2026 to all customers using Akamai Guardicore Platform Agent, and we strongly encourage all users to upgrade (if they have not yet done so).

Vulnerability details

Akamai Guardicore Platform Agent and Akamai Zero Trust Client on Linux and macOS are affected by a local privilege escalation vulnerability. The underlying services create an IPC socket in the world-writable /tmp directory, which accepts unauthenticated IPC control messages. 

This enables a time-of-check to time-of-use (TOCTOU) vulnerability in the HandleSaveLogs() function of the service: by creating a log file and then turning it into a symlink that points to the targeted path, an unprivileged local user can make arbitrary root-owned files world-writable.
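The class of race described above is closed by acting on an open file descriptor instead of a path. The following is an added example, not Akamai's code or its fix; the function name `set_log_mode_safely`, the owner check, and the premise that a privileged service changes a log file's mode inside a user-writable directory are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper, not the agent's code. Assumes a privileged service
 * must change the mode of a log file inside a directory that unprivileged
 * users can write to. Returns 0 on success, -1 with errno set otherwise.
 */
int set_log_mode_safely(const char *path, uid_t expected_owner, mode_t mode)
{
    struct stat st;
    int saved;

    /* O_NOFOLLOW: open() fails if the last path component is a symlink.
     * O_NONBLOCK: do not block if a FIFO was planted at this path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* From here on, use only the descriptor: it stays bound to the object
     * that was opened even if the path is swapped afterwards. */
    if (fstat(fd, &st) != 0)
        goto fail;

    /* Refuse non-regular files, unexpected owners, and hard-linked files
     * (a second name for a file elsewhere on the same filesystem). */
    if (!S_ISREG(st.st_mode) || st.st_uid != expected_owner || st.st_nlink != 1) {
        errno = EPERM;
        goto fail;
    }

    /* Never grant write access to "other", whatever the caller requested. */
    if (fchmod(fd, (mode_t)(mode & 07777 & ~(mode_t)S_IWOTH)) != 0)
        goto fail;

    return close(fd);

fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}
```

A path-based `stat()` followed by `chmod()` leaves a window between the two calls; `fstat()` and `fchmod()` on one descriptor do not, because both act on the same opened object.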

In addition, a diagnostic collection tool (gimmelogs) running with root privileges was vulnerable to command injection from the dbstore, offering a second privilege escalation vector.

On Windows, the same command injection vector exists, but it is not immediately exploitable. This issue, however, does allow the creation of a diagnostic zip file at an arbitrary location.

This attack vector could only be exploited by a user with local access to the workstation or server; it is not remotely exploitable.

The vulnerability has been assigned CVE-2026-34354.

Mitigation

To mitigate the security risks, macOS or Linux customers are required to upgrade their clients by following our online documentation, or to reach out to us via the Akamai Control Center Portal with any questions. (Note: The steps for installing the Akamai Zero Trust Client are the same.)

Customers using Windows clients are not at immediate risk and can perform the upgrade during their regular maintenance schedule to benefit from improved security hardening and file system protections.

Credit

This vulnerability was discovered internally by Rajesh Sharma.
