CVE Catalog

CVE-2026-41049

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

Incorrect caching of authentication between different users in the qSnapper dbus service before version 1.3.3 allows any local attacker to use dbus functions after a privileged user has authenticated.

Risk Assessment

The risk is that a local attacker without privileges can hijack an authenticated session from a privileged user and perform dbus operations, potentially leading to privilege escalation or unauthorized data access.

Recommendation

It is recommended to immediately upgrade qSnapper to version 1.3.3 or later, which fixes the incorrect authentication caching issue.

Original NVD description (English source)

Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS