CVE-2026-41045 - Vulnerability Details

Description

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

Published: 2026-06-22

Score: 8.1 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

qSnapper includes a time‑to‑check to time‑of‑use vulnerability in its polkit authentication mechanism, allowing a local attacker to bypass the authentication check and operate with elevated privileges, potentially as root.

Affected Systems

The vulnerable product is qSnapper from presire. Any deployment running a version earlier than 1.3.3 is affected. The patch that fixes the issue is available in release v1.3.3 and newer.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity risk. Because the exploit is local, it is limited to users who already have local access to the system and there is no current EPSS data or KEV listing, the likelihood is not quantified but the potential for privilege escalation remains significant whenever local users are present.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

presire

qSnapper

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.3

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update qSnapper to release v1.3.3 or newer, which removes the vulnerable authentication check.
If an immediate update is not possible, disable or restrict the polkit service that qSnapper uses to prevent local users from invoking the vulnerability.
Ensure the system applies the latest security patches and audits local accounts for privilege misuse, addressing the underlying authentication weakness highlighted by CWE‑367.

Generated by OpenCVE AI on June 22, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1261795
https://github.com/presire/qSnapper/releases/tag/v1.3.3
https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-polkit-bypass

History

Mon, 22 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
Title		Weak polkit authentication check in qSnapper
Weaknesses		CWE-367
References		https://bugzilla.suse.com/show_bug.cgi?id=1261795 https://github.com/presire/qSnapper/releases/tag/v1.3.3 https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-polkit-bypass
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2026-06-22T15:16:37.631Z

Updated: 2026-06-22T15:16:37.631Z

Reserved: 2026-04-16T13:37:50.679Z

Link: CVE-2026-41045

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T16:30:08Z

Weaknesses

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41045", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2026-04-16T13:37:50.679Z", "datePublished": "2026-06-22T15:16:37.631Z", "dateUpdated": "2026-06-22T15:16:37.631Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-06-22T15:16:37.631Z"}, "title": "Weak polkit authentication check in qSnapper", "datePublic": "2026-05-26T15:09:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-367", "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "affected": [{"vendor": "presire", "product": "qSnapper", "packageName": "qsnapper", "repo": "https://github.com/presire/qSnapper", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."}]}], "references": [{"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-polkit-bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3", "tags": ["vendor-advisory"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1261795", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Matthias Gerstner of SUSE", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object