CVE-2026-37526: High severity Automotive Grade Linux app-framework-binder (afb-daemon) vulnerability

Published May 1, 2026
·
Updated

AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29.

Affected Software

2 affected components
Automotive Grade Linux app-framework-binder (afb-daemon)<=19.90.0
linuxfoundation Automotive Grade Linux<=17.1.12

Event History

May 1, 2026
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionSeverity
Data Sourced
via NVD·05:16 PM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-37526?

CVE-2026-37526 is classified as a high severity vulnerability due to its potential to allow unauthorized access to privileged supervision commands.

2

How do I fix CVE-2026-37526?

To fix CVE-2026-37526, update the app-framework-binder (afb-daemon) to a version later than 19.90.0 where the vulnerability is patched.

3

Who is affected by CVE-2026-37526?

CVE-2026-37526 affects users of Automotive Grade Linux app-framework-binder (afb-daemon) version 19.90.0 and earlier.

4

What are the potential consequences of exploiting CVE-2026-37526?

Exploiting CVE-2026-37526 could allow an attacker to execute critical commands on the system without authentication, which could compromise system integrity.

5

Is there a workaround for CVE-2026-37526 until a patch is applied?

A temporary workaround for CVE-2026-37526 involves restricting access to the abstract Unix socket used by the afb-daemon.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203