Skip to main content

Ubuntu 14 04 Lts

2 CVEs product

Monthly

CVE-2026-11386 CRITICAL PATCH Act Now

Root-level remote code execution in Canonical's ubuntu-pro-client (formerly ubuntu-advantage-tools) allows an attacker who can spoof or tamper with the Ubuntu Pro contract server response to inject arbitrary APT source lines and install malicious root-owned packages. The client builds /etc/apt/sources.list.d entries from the server's directives.suites[] and directives.aptURL fields via Python str.format() without escaping or newline filtering, and passes additionalPackages[] positionally into a root-run apt-get install. Because the component is preinstalled on supported Ubuntu Server releases and auto-attaches on cloud Ubuntu Pro images the exposure is broad; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Python Ubuntu Canonical RCE Ubuntu Pro Client Ubuntu Advantage Tools +7
NVD VulDB
CVSS 3.1
9.0
CVE-2026-9494 MEDIUM PATCH This Month

ubuntu-pro-client (formerly ubuntu-advantage-tools) leaks Ubuntu Pro bearer tokens to unprivileged local users via the Linux /proc filesystem on all supported Ubuntu LTS releases from 14.04 through 26.04. When the client validates APT credentials, it spawns /usr/lib/apt/apt-helper with the secret token embedded in a cleartext URL argument (https://bearer:<token>@esm.ubuntu.com/), which any local low-privileged user can read from /proc/<pid>/cmdline on default-configured systems. The stolen token enables unauthorized access to the victim's Ubuntu Pro ESM repositories. No public exploit has been identified at time of analysis, and this is not listed in CISA KEV.

Ubuntu Canonical Authentication Bypass Information Disclosure Ubuntu Pro Client Ubuntu Advantage Tools +7
NVD
CVSS 3.1
5.5
CVSS 9.0
CRITICAL PATCH Act Now

Root-level remote code execution in Canonical's ubuntu-pro-client (formerly ubuntu-advantage-tools) allows an attacker who can spoof or tamper with the Ubuntu Pro contract server response to inject arbitrary APT source lines and install malicious root-owned packages. The client builds /etc/apt/sources.list.d entries from the server's directives.suites[] and directives.aptURL fields via Python str.format() without escaping or newline filtering, and passes additionalPackages[] positionally into a root-run apt-get install. Because the component is preinstalled on supported Ubuntu Server releases and auto-attaches on cloud Ubuntu Pro images the exposure is broad; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Python Ubuntu Canonical +9
NVD VulDB
CVSS 5.5
MEDIUM PATCH This Month

ubuntu-pro-client (formerly ubuntu-advantage-tools) leaks Ubuntu Pro bearer tokens to unprivileged local users via the Linux /proc filesystem on all supported Ubuntu LTS releases from 14.04 through 26.04. When the client validates APT credentials, it spawns /usr/lib/apt/apt-helper with the secret token embedded in a cleartext URL argument (https://bearer:<token>@esm.ubuntu.com/), which any local low-privileged user can read from /proc/<pid>/cmdline on default-configured systems. The stolen token enables unauthorized access to the victim's Ubuntu Pro ESM repositories. No public exploit has been identified at time of analysis, and this is not listed in CISA KEV.

Ubuntu Canonical Authentication Bypass +9
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy