CVE-2026-6369
Analyzed Analyzed - Analysis Complete
Improper Access Control in Ubuntu Livepatch Allows Root Token Theft

Publication date: 2026-04-20

Last updated on: 2026-06-05

Assigner: Canonical Ltd.

Description
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-06-05
Generated
2026-06-16
AI Q&A
2026-04-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6369
EUVD
EUVD-2026-23862
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
canonical livepatch_client to 10.15.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6369 is an improper access control vulnerability in the canonical-livepatch snap client versions prior to 10.15.0.

This flaw allows a local, unprivileged user to obtain a sensitive root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket.

The vulnerability is exploitable only on systems where the Livepatch client has been enabled by an administrator with a valid Ubuntu Pro subscription.

The stolen token enables an attacker to access Livepatch services using the victim’s credentials and potentially disrupt the Livepatch server.

Impact Analysis

If exploited, this vulnerability allows a local unprivileged user to obtain a root-level authentication token.

With this token, an attacker can access Livepatch services using the victim’s credentials.

The attacker could also potentially cause issues or disruptions to the Livepatch server.

This could lead to unauthorized access and interference with system patching services, which may affect system stability and security.

Detection Guidance

To detect if your system is vulnerable, you should check the version of the canonical-livepatch snap client installed.

  • Run the command `canonical-livepatch --version` to verify the installed version.

If the version is below 10.15.0, your system is vulnerable to this issue.

Mitigation Strategies

To mitigate this vulnerability, update the canonical-livepatch snap client to version 10.15.0 or later.

  • If installed from the latest/stable channel and automatic snap refreshes are enabled, the snap will update automatically.
  • To update immediately, run `sudo snap refresh canonical-livepatch --channel latest/stable`.
  • Ensure automatic updates are not blocked by running `snap refresh --unhold canonical-livepatch`.

If you suspect token compromise, contact Canonical Support for assistance.

Compliance Impact

This vulnerability allows a local unprivileged user to obtain a sensitive, root-level authentication token, which could lead to unauthorized access to Livepatch services using the victim's credentials. Such unauthorized access to sensitive authentication tokens may result in exposure or misuse of protected data or system functions.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, the unauthorized access to sensitive authentication tokens could potentially lead to violations of these regulations if personal or protected health information is accessed or compromised as a result.

Mitigation involves updating the canonical-livepatch snap client to version 10.15.0 or later to prevent token compromise, which is critical to maintaining compliance with security requirements in such standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart