Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)
Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly validate data received from the contract server when writing APT source files. An attacker could possibly use this issue to inject arbitrary APT configuration and execute arbitrary code. (CVE-2026-11386)
Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not properly handle symbolic links when collecting diagnostic logs. A local attacker could possibly use this issue to obtain sensitive information from files owned by the administrator. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "37.1ubuntu0~16.04.1",
"binary_name": "ubuntu-advantage-pro"
},
{
"binary_version": "37.1ubuntu0~16.04.1",
"binary_name": "ubuntu-advantage-tools"
},
{
"binary_version": "37.1ubuntu0~16.04.1",
"binary_name": "ubuntu-pro-auto-attach"
},
{
"binary_version": "37.1ubuntu0~16.04.1",
"binary_name": "ubuntu-pro-client"
},
{
"binary_version": "37.1ubuntu0~16.04.1",
"binary_name": "ubuntu-pro-client-l10n"
}
]
}{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "37.1ubuntu0~18.04.1",
"binary_name": "ubuntu-advantage-pro"
},
{
"binary_version": "37.1ubuntu0~18.04.1",
"binary_name": "ubuntu-advantage-tools"
},
{
"binary_version": "37.1ubuntu0~18.04.1",
"binary_name": "ubuntu-pro-auto-attach"
},
{
"binary_version": "37.1ubuntu0~18.04.1",
"binary_name": "ubuntu-pro-client"
},
{
"binary_version": "37.1ubuntu0~18.04.1",
"binary_name": "ubuntu-pro-client-l10n"
}
]
}{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "37.1ubuntu0~20.04.1",
"binary_name": "ubuntu-advantage-pro"
},
{
"binary_version": "37.1ubuntu0~20.04.1",
"binary_name": "ubuntu-advantage-tools"
},
{
"binary_version": "37.1ubuntu0~20.04.1",
"binary_name": "ubuntu-pro-auto-attach"
},
{
"binary_version": "37.1ubuntu0~20.04.1",
"binary_name": "ubuntu-pro-client"
},
{
"binary_version": "37.1ubuntu0~20.04.1",
"binary_name": "ubuntu-pro-client-l10n"
}
]
}{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "37.2ubuntu~22.04.1",
"binary_name": "ubuntu-advantage-pro"
},
{
"binary_version": "37.2ubuntu~22.04.1",
"binary_name": "ubuntu-advantage-tools"
},
{
"binary_version": "37.2ubuntu~22.04.1",
"binary_name": "ubuntu-pro-auto-attach"
},
{
"binary_version": "37.2ubuntu~22.04.1",
"binary_name": "ubuntu-pro-client"
},
{
"binary_version": "37.2ubuntu~22.04.1",
"binary_name": "ubuntu-pro-client-l10n"
}
]
}"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-9494"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2026-11386"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-12391"
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "37.2ubuntu~24.04.1",
"binary_name": "ubuntu-advantage-pro"
},
{
"binary_version": "37.2ubuntu~24.04.1",
"binary_name": "ubuntu-advantage-tools"
},
{
"binary_version": "37.2ubuntu~24.04.1",
"binary_name": "ubuntu-pro-auto-attach"
},
{
"binary_version": "37.2ubuntu~24.04.1",
"binary_name": "ubuntu-pro-client"
},
{
"binary_version": "37.2ubuntu~24.04.1",
"binary_name": "ubuntu-pro-client-l10n"
}
]
}"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-9494"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2026-11386"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-12391"
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "37.2ubuntu0.1",
"binary_name": "ubuntu-advantage-pro"
},
{
"binary_version": "37.2ubuntu0.1",
"binary_name": "ubuntu-advantage-tools"
},
{
"binary_version": "37.2ubuntu0.1",
"binary_name": "ubuntu-pro-auto-attach"
},
{
"binary_version": "37.2ubuntu0.1",
"binary_name": "ubuntu-pro-client"
},
{
"binary_version": "37.2ubuntu0.1",
"binary_name": "ubuntu-pro-client-l10n"
}
]
}"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8555-1.json"
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-9494"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2026-11386"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-12391"
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}