CVE-2026-41048
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
In qSnapper before version 1.3.3, incorrect caching of authentication between different polkit methods allowed a local attacker to use functions like 'restore from snapshot' even if only allowed to do 'delete snapshot'.
Risk Assessment
The risk involves privilege escalation for a local user who can perform unauthorized system restore operations, potentially leading to data loss or system integrity compromise.
Recommendation
It is recommended to immediately update qSnapper to version 1.3.3 or later, which fixes this vulnerability. Also review polkit configuration to ensure proper permission separation.
Original NVD description (English source)
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".

