CVE-2026-41048

Summary

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".

Affected Software

VendorProductVersion RangeStatus
presireqSnapper1.2.1 < 1.3.3affected

Weaknesses

  • CWE-303: CWE-303 Incorrect implementation of authentication algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References