Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic.
This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.
AnalysisAI
Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.
Technical ContextAI
Cosmic-greeter is the graphical login/authentication manager for Pop!_OS systems. The vulnerability stems from a time-of-check time-of-use (TOCTOU) race condition in privilege management logic-the application checks whether privileges should be dropped at one point in execution, but a race window exists before those privileges are actually lowered, allowing an attacker to exploit the temporal gap. CWE-271 encompasses improper privilege dropping or lowering, where the application fails to ensure that elevated permissions are consistently maintained at the required level throughout execution. The affected CPE indicates all versions of cosmic-greeter prior to the patch commit are vulnerable.
RemediationAI
Update cosmic-greeter to a version incorporating PR #426 from https://github.com/pop-os/cosmic-greeter/pull/426. Users should check their distribution's package repositories for patched releases (Pop!_OS and SUSE users should prioritize updates). Until patched, limiting local user access and enforcing strict authentication policies may reduce exposure, though these are not substitutes for the fix. Patch application should be treated as priority for systems where cosmic-greeter is deployed as the login manager.
Same weakness CWE-271 – Privilege Dropping / Lowering Errors
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17067
GHSA-h5vx-6jh5-qhq7