UBUNTU-CVE-2026-38978

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-38978

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-38978

Upstream

CVE-2026-38978

Downstream

USN-8404-1

Related

USN-8404-1

Published

2026-06-03T00:00:00Z

Modified

2026-06-08T23:00:08.227933990Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.

References

Affected packages

Ubuntu:16.04:LTS

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.84-1ubuntu1

2.84-2

2.84-3

2.84-3ubuntu1

2.84-3ubuntu2

2.84-3ubuntu3

2.84-3ubuntu3.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.84-3ubuntu3.1",
            "binary_name": "transmission"
        },
        {
            "binary_version": "2.84-3ubuntu3.1",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "2.84-3ubuntu3.1",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "2.84-3ubuntu3.1",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "2.84-3ubuntu3.1",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "2.84-3ubuntu3.1",
            "binary_name": "transmission-qt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"

Ubuntu:18.04:LTS

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.92-2ubuntu3

2.92-3ubuntu1

2.92-3ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.92-3ubuntu2",
            "binary_name": "transmission"
        },
        {
            "binary_version": "2.92-3ubuntu2",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "2.92-3ubuntu2",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "2.92-3ubuntu2",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "2.92-3ubuntu2",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "2.92-3ubuntu2",
            "binary_name": "transmission-qt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"

Ubuntu:20.04:LTS

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.94-2ubuntu1

2.94-2ubuntu2

2.94-2ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.94-2ubuntu3",
            "binary_name": "transmission"
        },
        {
            "binary_version": "2.94-2ubuntu3",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "2.94-2ubuntu3",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "2.94-2ubuntu3",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "2.94-2ubuntu3",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "2.94-2ubuntu3",
            "binary_name": "transmission-qt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"

Ubuntu:22.04:LTS

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.00-2ubuntu2.2

Affected versions

3.*

3.00-1ubuntu2

3.00-1ubuntu5

3.00-2ubuntu1

3.00-2ubuntu2

3.00-2ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.00-2ubuntu2.2",
            "binary_name": "transmission"
        },
        {
            "binary_version": "3.00-2ubuntu2.2",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "3.00-2ubuntu2.2",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "3.00-2ubuntu2.2",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "3.00-2ubuntu2.2",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "3.00-2ubuntu2.2",
            "binary_name": "transmission-qt"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"

Ubuntu:24.04:LTS

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.5-1ubuntu0.1

Affected versions

4.*

4.0.2-1ubuntu3

4.0.5-1

4.0.5-1build3

4.0.5-1build4

4.0.5-1build5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.0.5-1ubuntu0.1",
            "binary_name": "transmission"
        },
        {
            "binary_version": "4.0.5-1ubuntu0.1",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "4.0.5-1ubuntu0.1",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "4.0.5-1ubuntu0.1",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "4.0.5-1ubuntu0.1",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "4.0.5-1ubuntu0.1",
            "binary_name": "transmission-qt"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"

Ubuntu:25.10

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.0~beta2+dfsg-3ubuntu1.1

Affected versions

4.*

4.0.6+dfsg-3ubuntu2

4.1.0~beta2+dfsg-3ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.1.0~beta2+dfsg-3ubuntu1.1",
            "binary_name": "transmission"
        },
        {
            "binary_version": "4.1.0~beta2+dfsg-3ubuntu1.1",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "4.1.0~beta2+dfsg-3ubuntu1.1",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "4.1.0~beta2+dfsg-3ubuntu1.1",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "4.1.0~beta2+dfsg-3ubuntu1.1",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "4.1.0~beta2+dfsg-3ubuntu1.1",
            "binary_name": "transmission-qt"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"

Ubuntu:26.04:LTS

transmission

Package

Name: transmission
Purl: pkg:deb/ubuntu/transmission?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.1+dfsg-1ubuntu1.1

Affected versions

4.*

4.1.0~beta2+dfsg-3ubuntu1

4.1.0~beta2+dfsg-3ubuntu2

4.1.0~beta4+dfsg-1ubuntu1

4.1.0~beta5+dfsg-1ubuntu1

4.1.0+dfsg-1ubuntu1

4.1.1+dfsg-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.1.1+dfsg-1ubuntu1.1",
            "binary_name": "transmission"
        },
        {
            "binary_version": "4.1.1+dfsg-1ubuntu1.1",
            "binary_name": "transmission-cli"
        },
        {
            "binary_version": "4.1.1+dfsg-1ubuntu1.1",
            "binary_name": "transmission-common"
        },
        {
            "binary_version": "4.1.1+dfsg-1ubuntu1.1",
            "binary_name": "transmission-daemon"
        },
        {
            "binary_version": "4.1.1+dfsg-1ubuntu1.1",
            "binary_name": "transmission-gtk"
        },
        {
            "binary_version": "4.1.1+dfsg-1ubuntu1.1",
            "binary_name": "transmission-qt"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-38978.json"