vulnerability context

CVE-2026-41045

CVSS 8.1 HIGHEPSS 2.8%CWE-367OTX 1 pulse

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

Published 2026-06-22 · last modified 2026-06-22

details

CISA KEV status: Not in catalog
CVSS v3: 8.1 / HIGH
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.8% percentile (score 0.0013)
CWE: CWE-367
OTX pulses: 1 total, 0 recent

View on NVD → · cve.org

source mentions 2

[Hugo | DevOps | Cybersecurity 🇱🇻] CVE-2026-41045 - Privilege Escalation in Qsnapper. TOCTOU flaw in polkit auth allows loca...Bluesky · 23h ago
qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048)oss-security · 28d ago

source consensus

Bluesky1×
oss-security1×

Want the 3-bullet summary of CVE-2026-41045, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →