Executive summary

CVE-2026-31979 is a high-severity local privilege escalation vulnerability (CVSS 8.8) in Himmelblau, an open source interoperability suite that integrates Linux systems with Microsoft Azure Entra ID and Intune. A successful exploit grants a local, unprivileged user full root access. This allows an attacker who has already gained a foothold in your environment to bypass local security controls, access sensitive data (such as /etc/shadow), and establish persistent access on the host.

The vulnerability is a symbolic link (symlink) race condition. The system mishandles file operations in the shared /tmp directory, allowing an attacker to trick a high-privileged process into modifying system-critical files. Organizations that run "Linux on the Desktop" or hybrid cloud environments that use Himmelblau for Intune policy enforcement and Azure identity management are at high risk.…
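The bug class described above, shown as an added example that is not Himmelblau's code (the affected code path is not shown on this page): a write that follows a pre-existing symlink, next to an exclusive create that refuses it. Every function name and file name here is constructed, and the demo runs inside a private sandbox directory rather than the shared /tmp root.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{symlink, OpenOptionsExt};
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

/// Naive write: follows a symlink sitting at `path` and truncates its target.
fn write_naive(path: &Path, data: &[u8]) -> io::Result<()> {
    OpenOptions::new().write(true).create(true).truncate(true).open(path)?.write_all(data)
}

/// Hardened write: create_new maps to O_CREAT|O_EXCL, which fails on any
/// existing entry (symlinks included), so the last path component is never followed.
fn write_exclusive(path: &Path, data: &[u8]) -> io::Result<()> {
    OpenOptions::new().write(true).create_new(true).mode(0o600).open(path)?.write_all(data)
}

/// Private sandbox standing in for a shared directory (constructed name).
fn sandbox() -> io::Result<PathBuf> {
    let nanos = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_nanos();
    let dir = std::env::temp_dir().join(format!("symlink-demo-{}-{}", std::process::id(), nanos));
    fs::create_dir(&dir)?; // fails rather than reusing an existing entry
    Ok(dir)
}

/// Returns (target content after the naive write, error kind from the
/// hardened write, target content after the hardened write).
fn demo() -> io::Result<(String, io::ErrorKind, String)> {
    let dir = sandbox()?;
    let protected = dir.join("protected.conf"); // stands in for a critical file
    let work = dir.join("work.tmp"); // the path the writer expects to own
    fs::write(&protected, "original")?;
    symlink(&protected, &work)?; // entry already present before the write

    write_naive(&work, b"clobbered")?;
    let after_naive = fs::read_to_string(&protected)?;

    fs::write(&protected, "original")?; // reset, then try the hardened form
    let kind = write_exclusive(&work, b"clobbered").unwrap_err().kind();
    let intact = fs::read_to_string(&protected)?;
    fs::remove_dir_all(&dir)?;
    Ok((after_naive, kind, intact))
}

fn main() -> io::Result<()> {
    let (after_naive, kind, intact) = demo()?;
    println!("naive: target = {after_naive:?}; exclusive: error = {kind:?}, target = {intact:?}");
    Ok(())
}
```

Exclusive creation only protects the final path component; a privileged service is better served by a root-owned working directory that unprivileged users cannot write to, and the kernel's `fs.protected_symlinks` sysctl adds a further layer for sticky world-writable directories.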