CVE-2026-41048
Status: Received - Intake
Incorrect Authentication Caching in qSnapper

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: SUSE

Description
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
Affected Vendors & Products
Currently, no data is known.
Weakness (CWE)
CWE-303: The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
Executive Summary

CVE-2026-41048 is an authentication bypass vulnerability in qSnapper caused by incorrect caching of authentication status. A shared flag named `m_authenticated` caches the authentication result across different clients, so a local attacker can reuse a session that another user has already authenticated. Once one user is authenticated for certain actions, other users can perform those actions without re-authenticating.

Specifically, this flaw affects functions like DeleteSnapshot(), RestoreFiles(), and RestoreFilesDirect(), enabling unauthorized users to perform actions such as restoring from snapshots even if they are only allowed to delete snapshots. This behavior violates the intended security model of Polkit by unintentionally granting elevated privileges.
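
The flaw described above, reduced to a minimal C++ model (an added example, not qSnapper's source code or its 1.3.3 patch). `FakePolkit`, the caller names and the action ids are hypothetical; only `m_authenticated` and the method names come from this page, and the per-call check is an assumed correction.

```cpp
#include <set>
#include <string>
#include <utility>

// Simplified model, not qSnapper's source. Stand-in for polkit; names are constructed.
struct FakePolkit {
    std::set<std::pair<std::string, std::string>> grants;
    bool check(const std::string& caller, const std::string& action) const {
        return grants.count(std::make_pair(caller, action)) > 0;
    }
};

// Flawed pattern: one flag shared by every caller and every method.
class CachingHelper {
    const FakePolkit& pk;
    bool m_authenticated = false;  // flag name taken from the page
    bool authorize(const std::string& caller, const std::string& action) {
        if (m_authenticated) return true;  // polkit is never asked again
        m_authenticated = pk.check(caller, action);
        return m_authenticated;
    }
public:
    explicit CachingHelper(const FakePolkit& p) : pk(p) {}
    bool DeleteSnapshot(const std::string& c) { return authorize(c, "delete"); }
    bool RestoreFiles(const std::string& c) { return authorize(c, "restore"); }
};

// Corrected pattern (assumed): check this caller and this action on every call.
class PerCallHelper {
    const FakePolkit& pk;
public:
    explicit PerCallHelper(const FakePolkit& p) : pk(p) {}
    bool DeleteSnapshot(const std::string& c) const { return pk.check(c, "delete"); }
    bool RestoreFiles(const std::string& c) const { return pk.check(c, "restore"); }
};

// True when a restore is allowed although only "delete" was ever granted.
template <class Helper> bool restoreLeaksAfterDelete() {
    FakePolkit pk;
    pk.grants.insert(std::make_pair(std::string("alice"), std::string("delete")));
    Helper h(pk);
    h.DeleteSnapshot("alice");  // legitimate, authorized call
    return h.RestoreFiles("alice") || h.RestoreFiles("bob");
}

int main() {  // exit 0: the shared flag leaks, the per-call check does not
    bool ok = restoreLeaksAfterDelete<CachingHelper>() && !restoreLeaksAfterDelete<PerCallHelper>();
    return ok ? 0 : 1;
}
```

The same scenario works as a regression test for any privileged helper: authorize one action for one caller, then assert that every other caller and action pair is still refused.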

Impact Analysis

This vulnerability can lead to unauthorized access and actions within the system. An attacker with local access can exploit the shared authentication flag to perform privileged operations like restoring files from snapshots without proper permission.

Such unauthorized actions can result in data loss, data corruption, or system compromise because users gain unintended privileges that bypass normal security checks.

Detection Guidance

The vulnerability is an authentication bypass in qSnapper caused by incorrect caching of authentication flags between different polkit methods. Detection starts with checking the version of qSnapper installed on your system.

Versions earlier than 1.3.3 contain the vulnerability.

Check the installed version with commands such as:

  • rpm -q qsnapper
  • qsnapper --version

Additionally, unexpected use of snapshot-related functions such as DeleteSnapshot() or RestoreFiles() by users with limited permissions could indicate exploitation attempts; no specific detection commands are provided for this.

Mitigation Strategies

The primary mitigation step is to upgrade qSnapper to version 1.3.3 or later, where this authentication caching issue has been fixed.

Until the upgrade can be applied, restrict local user access to qSnapper functions that involve snapshot deletion or restoration to trusted users only.

Additionally, monitor and audit usage of snapshot-related commands to detect any unauthorized attempts.

Compliance Impact

The vulnerability in qSnapper allows unauthorized users to perform privileged actions such as restoring snapshots without proper authentication, potentially leading to unauthorized data access or modification.

Such unauthorized access and privilege escalation can result in violations of data protection and security requirements mandated by standards like GDPR and HIPAA, which require strict access controls and authentication mechanisms to protect sensitive data.

Therefore, this vulnerability could negatively impact compliance with these regulations by enabling unauthorized data operations and increasing the risk of data breaches.
