Incorrect Privilege Assignment in authd - CVE-2026-6970


Published: April 27, 2026


Vulnerability identifier: #VU128221
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-6970
CWE-ID: CWE-266
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Canonical Ltd.
Affected software:
authd

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges and disclose sensitive information.

The vulnerability exists due to incorrect privilege assignment in user account handling: when a user record is updated during login after the identity provider's information about the account has changed, authd assigns the wrong privileges. A local user who can log in with an affected account can escalate privileges and disclose sensitive information.

The issue affects users whose primary group ID differs from their UID, including users created with older authd releases and users whose primary group was modified with the authctl utility.
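The advisory ties exposure to one observable condition: accounts whose primary GID differs from their UID. The following is an added example for defenders, not code from authd or from the advisory publisher. It parses account records in passwd(5) format (assumed here to come from `getent passwd`, since accounts served through NSS do not appear in /etc/passwd) and lists the accounts that match that condition so they can be reviewed before and after the vendor update is applied. The sample records and the UID threshold of 1000 for human accounts are constructed for illustration.

```python
# Added example: flag local accounts whose primary GID differs from their UID,
# the condition CVE-2026-6970's description associates with affected users.
# Not authd's own code; input format and sample data are assumptions.
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(lines: Iterable[str]) -> List[PasswdEntry]:
    """Parse passwd(5)-style records (e.g. the output of `getent passwd`)."""
    entries: List[PasswdEntry] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # Skip malformed records instead of aborting the whole audit.
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        try:
            entries.append(PasswdEntry(name, int(uid), int(gid), home, shell))
        except ValueError:
            continue  # non-numeric uid/gid: not a valid record
    return entries


def uid_gid_mismatches(entries: Iterable[PasswdEntry],
                       min_uid: int = 1000) -> List[PasswdEntry]:
    """Return human accounts (uid >= min_uid) whose primary GID != UID."""
    return [e for e in entries if e.uid >= min_uid and e.uid != e.gid]


def audit(passwd_text: str) -> List[str]:
    """Convenience wrapper: names of accounts matching the advisory's condition."""
    return [e.name for e in uid_gid_mismatches(parse_passwd(passwd_text.splitlines()))]


# Constructed sample records (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob@example.com:x:1001:1002::/home/bob@example.com:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
broken:line
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

if __name__ == "__main__":
    import subprocess
    import sys
    # With --live, read real NSS-backed records via getent; otherwise use the sample.
    if "--live" in sys.argv:
        text = subprocess.run(["getent", "passwd"], check=True,
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE_PASSWD
    for name in audit(text):
        print(f"primary GID differs from UID: {name}")
```

In the sample, only `bob@example.com` (UID 1001, GID 1002) is reported; the system account `root` is below the threshold, `alice` and `carol` have matching IDs, and the malformed line is skipped. The check identifies accounts in the condition the advisory describes; it does not determine whether the installed authd version is vulnerable, which is what the vendor update addresses.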


How to mitigate CVE-2026-6970

Install the security update from the vendor's website.

Sources