CVE-2026-6970

authd Denial of Service and Local Privilege Escalation

Assigner: canonical
Reserved: 24.04.2026 Published: 27.04.2026 Updated: 27.04.2026

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the authctl group set-gid command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	Present	Availability	High	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	Canonical
Product	authd
Versions	Default: unaffected affected from 0.6.0 to 0.6.4 (excl.) affected from 0.6.1 to 0.6.1ubuntu0.1 (excl.)

Vendor

Canonical

Product

authd

Versions

Default: unaffected

affected from 0.6.0 to 0.6.4 (excl.)
affected from 0.6.1 to 0.6.1ubuntu0.1 (excl.)

References

Problem Types

CWE-842 Placement of user into incorrect group CWE

Impacts