Vulnerability Remediation for My Image Garden for macOS and CUPS Printer Driver

Description
A vulnerability involving improper validation of symbolic links has been identified in the installers for My Image Garden for macOS and CUPS Printer Driver.

If exploited during installation of the affected software, a third party with local access to, and login privileges on the PC, may be able to use a specially crafted symbolic link to modify the permissions of files or directories for which they would not normally have authorisation.

We advise that our customers install the latest version available for the affected products below.

Affected Software
My Image Garden for macOS (v3.6.8a)
CUPS Printer Driver v16.91.1.0 for Canon PIXMA printer MG2500 and iX6800

Remediation
Software designed to address this issue is available from the website of your local Canon sales company. Customers from Australia and New Zealand are advised to install the latest software available on our support site.

CVE/CVSS
CVE-2026-6891: Improper handling of symbolic links in the installer for My Image Garden for macOS
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N　Base Score: 5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N　Base Score: 5.0

CVE-2026-6892: Improper handling of symbolic links in the installer for CUPS Printer Driver
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N　Base Score: 5.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N　Base Score: 5.0