A vulnerability was found in acl up to 2.3.x . It has been rated as problematic . This vulnerability affects the function lstat of the component Pathname . Performing a manipulation results in time-of-check time-of-use. This vulnerability is cataloged as CVE-2026-54370 . The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.