CVE-2026-41049
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
Incorrect caching of authentication between different users in the qSnapper dbus service before version 1.3.3 allows any local attacker to use dbus functions after a privileged user has authenticated.
Risk Assessment
The risk is that a local attacker without privileges can hijack an authenticated session from a privileged user and perform dbus operations, potentially leading to privilege escalation or unauthorized data access.
Recommendation
It is recommended to immediately upgrade qSnapper to version 1.3.3 or later, which fixes the incorrect authentication caching issue.
Original NVD description (English source)
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.

