Vulnerability Description
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-6369?
CVE-2026-6369 is a documented vulnerability. An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by send...
How severe is CVE-2026-6369?
CVSS scoring is not yet available for CVE-2026-6369. Check NVD for updates.
Is there a patch for CVE-2026-6369?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.