CVE Catalog

CVE-2026-41045

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile - higher than 3% of all known CVEs

Summary

A time-to-check-time-of-use vulnerability in the polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnapper's authentication mechanism and operate with root privileges.

Risk Assessment

A local attacker can gain full system control by performing operations with administrator privileges, compromising data confidentiality, integrity, and availability.

Recommendation

Immediately update qSnapper to version 1.3.3 or later, which includes a fix for the TOCTOU vulnerability.

Original NVD description (English source)

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS