CVE-2026-6369
MEDIUMExposed Session Token in canonical-livepatch client snap
Title source: cnaDescription
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://discourse.ubuntu.com/t/security-notice-canonical-livepatch-client-snap-vulnerability/80662
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
2.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
CWE-732
Status
published
Products (2)
Canonical/canonical-livepatch
< 10.15.0
canonical/livepatch_client
< 10.15.0
Published
Apr 20, 2026
Tracked Since
Apr 20, 2026