CVE-2026-6369

Exposed Session Token in canonical-livepatch client snap

Assigner: canonical
Reserved: 15.04.2026 Published: 20.04.2026 Updated: 20.04.2026

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L
CVSS Score: 5.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	Low
Attack Requirements	Present	Availability	None	Availability	Low
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	Canonical
Product	canonical-livepatch
Versions	Default: unaffected affected from 0 to 10.15.0 (excl.)

Vendor

Canonical

Product

canonical-livepatch

Versions

Default: unaffected

affected from 0 to 10.15.0 (excl.)

References

Problem Types

CWE-306 Missing authentication for critical function CWE
CWE-732 Incorrect Permission Assignment for Critical Resource CWE

CVE-2026-6369 PUBLISHED

Exposed Session Token in canonical-livepatch client snap

Metrics

Product Status

References

Problem Types