Description
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.
Published: 2026-04-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation and Denial of Service
Action: Apply Patch
AI Analysis

Impact

authd contains a logic error in how it assigns the primary group ID at login. For an account whose primary GID differs from its UID, because the account was created before version 0.5.4 or because the group was manually changed, authd resets the primary GID to the UID after the user's identity provider record is updated. Newly created files and directories are then owned by the wrong group, which can deny legitimate access and may grant other local users unintended read or write permissions. The flaw is a local privilege escalation vector that can lead to denial of service or unauthorized access to sensitive data.

Affected Systems

The affected product is Canonical’s authd service. Versions prior to 0.6.4 are vulnerable, including those where accounts were created with older authd or where the primary group was manually altered with `authctl group set-gid`.

Risk and Exploitability

The flaw has a CVSS score of 7.3 and no EPSS data is available. It is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is a local user who triggers an identity provider record update for an account whose UID and primary GID already differ, including an account created before version 0.5.4. Once triggered, an attacker can gain elevated access to files they should not own, leading to data compromise or denial of service. The vulnerability has no publicly known remote exploitation vector.

Generated by OpenCVE AI on April 28, 2026 at 04:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Canonical authd update (0.6.4 or newer).
  • For existing users affected by this logic error, reset their primary group ID to match their UID or recreate the account to correct ownership of new files.
  • Limit or audit use of the `authctl group set-gid` command to prevent accidental or malicious group ID changes.
  • Verify that any remaining users with mismatched UID/GID have been updated before they log in to prevent the flaw from activating.
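
One way to carry out the verification step above, as an added example that is not part of authd or the advisory: it lists accounts whose primary GID differs from their UID and, given two snapshots, reports accounts whose GID was reset to the UID in between. It assumes `getent passwd` on the host lists the authd-managed users; the `MIN_UID` threshold and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not authd code). Snapshots are passwd(5)-format text,
# e.g. saved with: getent passwd > before.txt
# MIN_UID is an assumption: the lowest UID your authd deployment assigns.

# at_risk SNAPSHOT MIN_UID
# Accounts whose primary GID differs from their UID: the precondition
# described in the advisory. Output: name:uid:gid
at_risk() {
    awk -F: -v min="$2" '$3 >= min && $3 != $4 { print $1 ":" $3 ":" $4 }' "$1"
}

# gid_reset BEFORE AFTER MIN_UID
# Accounts whose GID differed from the UID in BEFORE and equals it in AFTER:
# the symptom of the bug having fired at a login in between.
gid_reset() {
    awk -F: -v min="$3" '
        NR == FNR { if ($3 >= min && $3 != $4) old[$1] = $4; next }
        ($1 in old) && $3 == $4 { print $1 ":" old[$1] "->" $4 }
    ' "$1" "$2"
}

# Constructed sample data (names, UIDs and GIDs are made up).
sample_before() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:x:5:60:games:/usr/games:/usr/sbin/nologin
alice@example.com:x:100001:100001::/home/alice@example.com:/bin/bash
bob@example.com:x:100002:100050::/home/bob@example.com:/bin/bash
carol@example.com:x:100003:100060::/home/carol@example.com:/bin/bash
EOF
}
sample_after() {
    sample_before | sed 's/^\(bob@example.com:x:100002\):100050:/\1:100002:/'
}

tmp=$(mktemp -d)
sample_before > "$tmp/before"
sample_after > "$tmp/after"
echo "At risk before update:"; at_risk "$tmp/before" 100000
echo "Primary GID reset to UID:"; gid_reset "$tmp/before" "$tmp/after" 100000
rm -rf "$tmp"
```

Take the first snapshot before upgrading and the second after affected users have logged in; any line from `gid_reset` marks an account whose files created in between should have their group ownership reviewed.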



Advisories
Source | ID | Title
GitHub GHSA | GHSA-fg3j-5w9g-hmg7 | authd: Primary group ID is incorrectly set to value of UID
Ubuntu USN | USN-8212-1 | authd vulnerability
History

Tue, 28 Apr 2026 00:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Canonical; Canonical authd
Vendors & Products | | Canonical; Canonical authd

Mon, 27 Apr 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 27 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.
Title | | authd Denial of Service and Local Privilege Escalation
Weaknesses | | CWE-842
References | |
Metrics | | cvssV4_0: {'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-04-27T16:17:10.157Z

Reserved: 2026-04-24T16:52:35.090Z

Link: CVE-2026-6970

Vulnrichment

Updated: 2026-04-27T16:14:29.359Z

NVD

Status: Deferred

Published: 2026-04-27T16:16:46.300

Modified: 2026-04-27T18:35:53.583

Link: CVE-2026-6970

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:30:21Z
