CVE-2026-37531 Overview
CVE-2026-37531 is a path traversal vulnerability in Automotive Grade Linux (AGL) app-framework-main through version 17.1.12. The flaw combines a Zip Slip path traversal weakness [CWE-22] with a Time-of-Check Time-of-Use (TOCTOU) race condition [CWE-367] in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c blocks absolute paths but fails to detect dot notation directory traversal sequences. A network-reachable attacker can craft a malicious widget archive that writes files to arbitrary filesystem locations during installation.
Critical Impact
Attackers can achieve arbitrary file write across the filesystem, leading to remote code execution and full compromise of AGL-based vehicle systems without authentication or user interaction.
Affected Products
- AGL app-framework-main versions through 17.1.12
- Automotive Grade Linux distributions integrating the vulnerable widget framework
- Vehicle in-vehicle infotainment (IVI) systems built on AGL
Discovery Timeline
- 2026-05-01 - CVE-2026-37531 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-37531
Vulnerability Analysis
The vulnerability resides in the AGL widget package installation pipeline. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but only rejects absolute paths. It does not normalize or reject ../ traversal sequences embedded in entry names. This allows attackers to escape the intended extraction directory.
During extraction, the zread function calls openat(workdirfd, filename, O_CREAT). The openat syscall resolves dot notation values relative to the work directory file descriptor. As a result, entries containing ../ sequences are written outside the work directory to arbitrary filesystem locations the framework process can access.
A second flaw compounds the issue. In install_widget within wgtpkg-install.c, zread extraction occurs before signature verification via check_all_signatures. When signature verification fails, the cleanup routine remove_workdir only removes files inside the temporary work directory. Any files written outside that directory through path traversal persist permanently.
Root Cause
The root cause is incomplete input validation combined with an insecure operation order. Filename validation does not canonicalize paths or reject relative traversal tokens. Extraction is performed before the cryptographic signature check, violating the principle of validating before acting on untrusted input.
Attack Vector
An attacker delivers a crafted widget archive to a target AGL system via any supported installation channel. ZIP entries contain dot notation traversal sequences targeting paths such as system service directories, configuration files, or systemd unit locations. Extraction writes attacker-controlled content to those paths. Even if the archive signature is invalid, the malicious files remain on disk after cleanup, enabling persistence and code execution at the next service load.
Detection Methods for CVE-2026-37531
Indicators of Compromise
- Files with unexpected timestamps appearing outside the AGL widget work directory after a widget installation attempt
- Modifications to systemd unit files, shell profile scripts, or /etc configuration during widget operations
- Failed signature verification log entries from wgtpkg-install followed by persistent files outside the work directory
- Widget archives containing ZIP entries with ../ sequences in member names
Detection Strategies
- Inspect ZIP archive entries before processing using tooling that flags traversal sequences in member names
- Monitor file creation events from the widget installer process targeting paths outside its expected work directory
- Audit openat syscall traces from wgtpkg-install for resolved paths that escape the work directory file descriptor
- Correlate signature verification failures in wgtpkg-install logs with new files appearing on the filesystem
Monitoring Recommendations
- Enable file integrity monitoring on system directories writable by the widget framework user
- Log all widget installation attempts with archive hashes and entry listings for forensic review
- Alert on creation or modification of executable files and systemd units outside the documented widget installation paths
How to Mitigate CVE-2026-37531
Immediate Actions Required
- Upgrade app-framework-main to a version later than 17.1.12 once a patched release is available from the AGL project
- Restrict the widget installation interface to authenticated and trusted sources only
- Run the widget framework process under a least-privileged account with restricted filesystem write permissions
Patch Information
No fixed version is referenced in the published CVE record at the time of writing. Track the Automotive Linux Gerrit Repository for upstream patches addressing the is_valid_filename validation gap and the extraction-before-verification ordering. Additional technical context is available in the GitHub Gist Security Snippet.
Workarounds
- Pre-validate widget archives outside the installer to reject any entry containing ../ or other traversal tokens before invoking wgtpkg-install
- Apply mandatory access control profiles (SMACK or SELinux) to confine the widget installer process to its work directory
- Disable network-exposed widget installation endpoints until the framework is upgraded
- Verify archive signatures out-of-band before delivering widgets to the AGL device
# Example AppArmor-style restriction confining the widget installer to its work directory
/usr/bin/wgtpkg-install {
/var/lib/afm/widgets/work/** rw,
/var/lib/afm/widgets/installed/** rw,
deny /etc/** w,
deny /usr/** w,
deny /lib/systemd/** w,
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
