Skip to main content

qSnapper EUVDEUVD-2026-38263

| CVE-2026-41046 HIGH
Relative Path Traversal (CWE-23)
2026-06-22 suse GHSA-3hfq-9fxf-h35p
7.3
CVSS 3.1 · NVD
Share

Severity by source

Vendor (suse) PRIMARY
HIGH
qualitative
NVD
7.3 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
vuln.today AI
6.6 MEDIUM

Local D-Bus access requires an unprivileged local account so PR:L (not PR:N); low complexity, no UI; high availability from DoS, low C/I from config-driven side effects short of confirmed full RCE.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative

Primary rating from Vendor (suse).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
High

Lifecycle Timeline

3
Patch available
Jun 22, 2026 - 17:01 EUVD
Source Code Evidence Fetched
Jun 22, 2026 - 16:04 vuln.today
Analysis Generated
Jun 22, 2026 - 16:04 vuln.today

DescriptionNVD

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

AnalysisAI

Local privilege escalation and denial of service in qSnapper before 1.3.3 stems from path traversal via the configName D-Bus parameter, allowing local attackers to point the snapper backend at attacker-controlled config files. Per the SUSE security review that produced coordinated fixes for CVE-2026-41045 through CVE-2026-41049, exploitation can crash the service or escalate to root through abuse of snapper configuration handling. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user shell
Delivery
Plant malicious snapper config file
Exploit
Call qSnapper D-Bus method with traversal configName
Execution
Service loads attacker config as root
Persist
Snapper executes with controlled settings
Impact
DoS or root privilege escalation

Vulnerability AssessmentAI

Exploitation Attacker must have local D-Bus session access to the system bus on a host where the qSnapper privileged service is installed and running (typical on openSUSE/SLES desktops or servers using qSnapper for snapper management) and must supply a malicious configName value to a D-Bus method such as those accepting configName prior to the 1.3.3 validateConfigName() allowlist. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 3.1 base score is 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) - local vector, low complexity, no privileges, no UI, with high availability impact and low confidentiality/integrity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local unprivileged user on a workstation running qSnapper invokes a vulnerable D-Bus method (for example a restore or diff call) supplying a configName containing path traversal sequences that resolves to an attacker-planted snapper config file in a world-writable location. The privileged qSnapper service loads that config and invokes snapper, which executes with root privileges using the attacker-controlled settings, producing a service crash or, depending on the config directives, code execution paths that lead to root. …
Remediation Vendor-released patch: qSnapper 1.3.3 - upgrade immediately via the project release at https://github.com/presire/qSnapper/releases/tag/v1.3.3 or the distribution package once published per SUSE Bugzilla 1261889. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running qSnapper versions prior to 1.3.3 and determine operational criticality of affected systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important

Share

EUVD-2026-38263 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy