A vulnerability categorized as critical has been discovered in acl up to 2.3.x . This issue affects the function acl_get_file/acl_set_file/acl_extended_file/acl_delete_def_file . Executing a manipulation can lead to link following. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2026-54369 . The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.