Exposed Session Token in canonical-livepatch client snap_CVE-2026-6369

5.7 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L

Description

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.

Basic Information

ID CVE-2026-6369

Source canonical

Published Apr 20, 2026 at 13:38

Modified Apr 20, 2026 at 14:06

Affected Product

Vendor Canonical

Product canonical-livepatch

Affected Versions Canonical canonical-livepatch 0

CWE Classification

CWE-306 CWE-732

References

discourse.ubuntu.com /t/security-notice-canonical-livepatch-client-snap-vulnerability/80662

{
    "lastseen": "",
    "description": "An improper access control vulnerability in the canonical-livepatch snap client prior to version\u00a010.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket.\u00a0This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.",
    "published": "2026-04-20T13:38:13.691Z",
    "modified": "2026-04-20T14:06:18.537Z",
    "type": "cve",
    "title": "Exposed Session Token in canonical-livepatch client snap",
    "source": "canonical",
    "references": "https://discourse.ubuntu.com/t/security-notice-canonical-livepatch-client-snap-vulnerability/80662",
    "id": "CVE-2026-6369",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Canonical canonical-livepatch 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "canonical-livepatch",
    "version": "0",
    "vendor": "Canonical",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}