Skip to main content

Cosmic Greeter EUVDEUVD-2026-17067

| CVE-2026-25704 MEDIUM
Privilege Dropping / Lowering Errors (CWE-271)
2026-03-30 suse GHSA-h5vx-6jh5-qhq7
5.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.8 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 30, 2026 - 08:15 euvd
EUVD-2026-17067
Analysis Generated
Mar 30, 2026 - 08:15 vuln.today
CVE Published
Mar 30, 2026 - 07:44 nvd
MEDIUM 5.8

DescriptionCVE.org

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in  cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic.

This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.

AnalysisAI

Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.

Technical ContextAI

Cosmic-greeter is the graphical login/authentication manager for Pop!_OS systems. The vulnerability stems from a time-of-check time-of-use (TOCTOU) race condition in privilege management logic-the application checks whether privileges should be dropped at one point in execution, but a race window exists before those privileges are actually lowered, allowing an attacker to exploit the temporal gap. CWE-271 encompasses improper privilege dropping or lowering, where the application fails to ensure that elevated permissions are consistently maintained at the required level throughout execution. The affected CPE indicates all versions of cosmic-greeter prior to the patch commit are vulnerable.

RemediationAI

Update cosmic-greeter to a version incorporating PR #426 from https://github.com/pop-os/cosmic-greeter/pull/426. Users should check their distribution's package repositories for patched releases (Pop!_OS and SUSE users should prioritize updates). Until patched, limiting local user access and enforcing strict authentication policies may reduce exposure, though these are not substitutes for the fix. Patch application should be treated as priority for systems where cosmic-greeter is deployed as the login manager.

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2026-17067 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy