include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 26.1%