CVE-2026-41045
Received Received - Intake
Time-of-Check Time-of-Use Flaw in qSnapper

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: SUSE

Description
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-22
AI Q&A
2026-06-22
EPSS Evaluated
N/A
NVD
CVE-2026-41045
EUVD
EUVD-2026-38259
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41045 is a security vulnerability in the qsnapper software related to weak Polkit authentication checks. It arises from a race condition in the use of "UnixProcessSubject" for client authentication, which allows a local attacker to bypass the authentication mechanism.

This race condition enables an attacker to operate with elevated privileges, such as root user access, by exploiting the time-to-check-time-of-use flaw before version 1.3.3 of qsnapper.

Impact Analysis

This vulnerability can allow a local attacker to bypass authentication and gain unauthorized root-level access on the affected system.

Such unauthorized access can lead to full control over the system, including the ability to modify, delete, or steal sensitive data, install malicious software, or disrupt system operations.

Detection Guidance

This vulnerability is a local privilege escalation issue related to a race condition in the Polkit authentication mechanism used by qsnapper before version 1.3.3. Detection involves verifying the installed qsnapper version and monitoring for suspicious local activity attempting to exploit Polkit authentication.

Since the vulnerability is local and involves a race condition, network-based detection is unlikely to be effective. Instead, detection should focus on checking the qsnapper version and reviewing system logs for unusual privilege escalation attempts.

  • Check the installed qsnapper version: `qsnapper --version` or `rpm -q qsnapper` (on RPM-based systems).
  • Review system logs for Polkit or authentication-related errors or suspicious activity: `journalctl -u polkit` or `grep polkit /var/log/auth.log`.
  • Monitor for unexpected root-level processes or commands initiated by non-privileged users.
Mitigation Strategies

The primary mitigation step is to update qsnapper to version 1.3.3 or later, which contains the patch fixing the Polkit authentication race condition vulnerability.

Until the update can be applied, restrict local user access to the qsnapper service or binaries to trusted users only, minimizing the risk of exploitation.

Additionally, monitor system logs for any suspicious activity related to Polkit authentication and privilege escalation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41045. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart