CVE-2026-6970

Source
https://cve.org/CVERecord?id=CVE-2026-6970
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6970.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-6970
Aliases
Downstream
Published
2026-04-27T15:28:48.209Z
Modified
2026-07-15T01:49:05.495929431Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
authd Denial of Service and Local Privilege Escalation
Details

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the authctl group set-gid command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.

Database specific
{
    "cwe_ids": [
        "CWE-842"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6970.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "0.6.1"
                },
                {
                    "fixed": "0.6.1ubuntu0.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "canonical"
}
References

Affected packages

Git / github.com/canonical/authd

Affected ranges

Type
GIT
Repo
https://github.com/canonical/authd
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.6.0"
        },
        {
            "fixed": "0.6.4"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6970.json"