Linuxfoundation Automotive Grade Linux — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Automotive Grade Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-37531 — CVSS 9.8 (critical): AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition…
CVE-2026-37525 — CVSS 7.8 (high): AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The…
CVE-2026-37526 — CVSS 7.8 (high): AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do…
CVE-2026-37530 — CVSS 7.5 (high): AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in…
CVE-2026-37532 — CVSS 7.1 (high): AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive…