A vulnerability classified as critical has been found in acl up to 2.5.x . This impacts an unknown function of the component Pathname . Performing a manipulation results in link following. This vulnerability is known as CVE-2026-54371 . Attacking locally is a requirement. No exploit is available. It is recommended to upgrade the affected component.