CVE-2023-1326
HIGH
apport < 2.26.0 - Privilege Escalation via Terminal Size Manipulation
Title source: llm
Exploitation Summary
EIP tracks 4 public exploits for CVE-2023-1326. PoCs published by diego-tella, h3x0v3rl0rd, cve-2024.
AI-analyzed exploit summary: This PoC demonstrates a local privilege escalation (LPE) vulnerability in apport-cli 2.26.0 by exploiting the pager (less) to escape to a shell when invoked with sudo. The attack requires specific configurations, including sudo access to apport-cli and less as the pager.
Description
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set, a local attacker can escalate privileges. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Exploits (4)
This PoC demonstrates a local privilege escalation (LPE) vulnerability in apport-cli 2.26.0 by exploiting the pager (less) to escape to a shell when invoked with sudo. The attack requires specific configurations, including sudo access to apport-cli and less as the pager.
This PoC demonstrates a local privilege escalation (LPE) vulnerability in apport-cli 2.26.0 by exploiting improper handling of the pager (less) when invoked via sudo. The attack leverages terminal size manipulation to escape to a shell with elevated privileges.
This PoC demonstrates a local privilege escalation (LPE) vulnerability in apport-cli 2.26.0 by exploiting the pager (less) to execute arbitrary commands when sudo is misconfigured. The attack involves invoking apport-cli with a crash file and escaping to a shell via the pager.
This PoC demonstrates a local privilege escalation (LPE) vulnerability in apport-cli 2.26.0 by exploiting the pager (less) to escape to a shell when invoked via sudo. The attack requires specific configurations in sudoers and terminal settings.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H