
Canonical Snap Vulnerability Allows Administrator Rights Escalation

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 17th, 2026
Detected March 18th, 2026

Summary

CERT-Bund has issued a security advisory (WID-SEC-2026-0758) regarding a vulnerability in Canonical Snap that allows for administrator rights escalation on Linux systems. The advisory details affected versions of Ubuntu Linux snapd and provides mitigation information.

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0758) detailing a high-severity vulnerability in Canonical Snap, affecting various versions of Ubuntu Linux snapd. This vulnerability, with a CVSS Base Score of 7.8, allows a local attacker to escalate privileges to administrator rights. The advisory lists specific affected versions, including those for Ubuntu 25.10, 24.04, 22.04, 20.04, and 16.04.

Organizations using affected versions of Ubuntu Linux with snapd should apply the available mitigation measures immediately to prevent unauthorized administrator access. This advisory highlights the importance of timely patching and security updates for software distribution systems like Canonical Snap to protect against privilege escalation attacks. Failure to mitigate could lead to severe system compromise.

What to do next

  1. Apply available mitigation measures for affected Ubuntu Linux snapd versions.
  2. Review system configurations for unauthorized administrator access.

Source document (simplified)

[WID-SEC-2026-0758] Canonical Snap: Vulnerability allows gaining administrator rights

  • CVSS Base Score: 7.8 (high)
  • CVSS Temporal Score: 7.0 (high)
  • Remote attack: no
  • Date: 17.03.2026
  • Last updated: 18.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux

Product description

Snap (also known as Snappy) is a software distribution system and package manager for Linux.
Ubuntu Linux is the Linux distribution from the vendor Canonical.

Products

17.03.2026

  • Ubuntu Linux snapd <2.73+ubuntu25.10.1
  • Ubuntu Linux snapd <2.73+ubuntu24.04.1
  • Ubuntu Linux snapd <2.73+ubuntu22.04.1
  • Ubuntu Linux snapd <2.67.1+20.04ubuntu1~esm1
  • Ubuntu Linux snapd <2.61.4ubuntu0.18.04.1+esm2
  • Ubuntu Linux snapd <2.61.4ubuntu0.16.04.1+esm2
  • Canonical Snap

Attack

A local attacker can exploit a vulnerability in Canonical Snap to gain administrator rights.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 17th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Employers, Technology companies
Geographic scope: de

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Software Vulnerabilities, Linux Security
