CVE-2026-6970

HIGH

authd Denial of Service and Local Privilege Escalation

Title source: cna

Description

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://github.com/canonical/authd/security/advisories/GHSA-fg3j-5w9g-hmg7

Patch patch

https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f

View Patch ZIP pw:eip

Scores

CVSS v4 7.3

EPSS 0.0001

EPSS Percentile 3.0%

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-842

Status published

Products (3)

Canonical/authd 0.6.0 - 0.6.4

canonical/authd 0.6.0 - 0.6.4Go

Canonical/authd 0.6.1 - 0.6.1ubuntu0.1

Published Apr 27, 2026

Tracked Since Apr 27, 2026