{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-6369","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","state":"PUBLISHED","assignerShortName":"canonical","dateReserved":"2026-04-15T15:52:27.875Z","datePublished":"2026-04-20T13:38:13.691Z","dateUpdated":"2026-04-20T14:06:18.537Z"},"containers":{"cna":{"title":"Exposed Session Token in canonical-livepatch client snap","datePublic":"2025-04-20T12:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306 Missing authentication for critical function","type":"CWE"},{"lang":"en","cweId":"CWE-732","description":"CWE-732 Incorrect Permission Assignment for Critical Resource","type":"CWE"}]}],"affected":[{"vendor":"Canonical","product":"canonical-livepatch","versions":[{"status":"affected","version":"0","lessThan":"10.15.0","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server."}],"references":[{"url":"https://discourse.ubuntu.com/t/security-notice-canonical-livepatch-client-snap-vulnerability/80662","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"MEDIUM","baseScore":5.7,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L"}}],"source":{"discovery":"INTERNAL"},"providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2026-04-20T13:38:13.691Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-6369","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-04-20T13:58:37.433925Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-20T14:06:18.537Z"}}]}}