Skip to main content

Ubuntu CVE-2026-6369

| EUVDEUVD-2026-23862 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-04-20 canonical
5.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch released
Apr 20, 2026 - 19:05 nvd
Patch available
Patch available
Apr 20, 2026 - 15:31 EUVD
Analysis Generated
Apr 20, 2026 - 14:33 vuln.today
CVSS changed
Apr 20, 2026 - 14:22 NVD
5.7 (MEDIUM)
EUVD ID Assigned
Apr 20, 2026 - 14:15 euvd
EUVD-2026-23862
Analysis Generated
Apr 20, 2026 - 14:15 vuln.today
CVE Published
Apr 20, 2026 - 13:38 nvd
MEDIUM 5.7

DescriptionCVE.org

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.

AnalysisAI

Canonical Livepatch snap client prior to 10.15.0 allows local unprivileged users to obtain a root-level authentication token via an unauthenticated request to the livepatchd.sock Unix domain socket, enabling attackers to impersonate the victim and access Livepatch services on systems with an active Ubuntu Pro subscription.

Technical ContextAI

The canonical-livepatch snap implements a Unix domain socket interface (livepatchd.sock) for local inter-process communication with the Livepatch daemon. The vulnerability stems from improper access control (CWE-306) on this socket, which fails to enforce proper authentication or authorization checks. This allows any local unprivileged user to connect to the socket and retrieve a sensitive authentication token normally intended for root-level operations. The token can then be replayed to authenticate requests to Livepatch services, effectively bypassing the intended privilege boundary between the unprivileged user and the root-owned service. The snap containerization model isolates the Livepatch client but does not prevent local socket access from unprivileged users within the system.

RemediationAI

Apply the vendor-released patch by upgrading canonical-livepatch snap to version 10.15.0 or later. Ubuntu users can update via snap refresh canonical-livepatch or through the Ubuntu Software Center. Until patching is completed, disable Livepatch if not critical for your environment by running snap disable canonical-livepatch, or restrict local system access via OS-level controls such as restricting user accounts or removing unnecessary local user access. Note that disabling Livepatch removes live kernel patching capabilities and requires traditional system reboots for kernel updates, which may impact availability requirements. Detailed information and updates are available at https://discourse.ubuntu.com/t/security-notice-canonical-livepatch-client-snap-vulnerability/80662.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2026-33309 CRITICAL POC
9.9 Mar 19

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar

CVE-2019-7304 CRITICAL POC
9.8 Apr 23

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra

CVE-2026-33186 CRITICAL POC
9.1 Mar 18

An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT

CVE-2026-50180 HIGH POC
8.7 Jul 02

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi

CVE-2020-14966 HIGH POC
7.5 Jun 22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner

CVE-2020-13822 HIGH POC
7.7 Jun 04

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte

CVE-2026-29181 HIGH POC
7.5 Apr 07

Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se

CVE-2019-7303 HIGH POC
7.5 Apr 23

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char

CVE-2014-4699 MEDIUM POC
6.9 Jul 09

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved

CVE-2017-7725 MEDIUM POC
6.1 Apr 13

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca

CVE-2026-48816 MEDIUM POC
6.5 Jul 01

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity w

Share

CVE-2026-6369 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy