Product
A path traversal vulnerability (CVE-2026-14476) in SSSD's Active Directory Group Policy Object (AD GPO) provider allows an authenticated attacker with AD GPO management access to write arbitrary files outside the GPO cache directory with root privileges, leading to Kerberos configuration injection and potential authentication bypass on Red Hat Enterprise Linux systems.