
CVE-2026-6970: Local Privilege Escalation via Improper GID Assignment in Canonical authd

DEV Community·CVE Reports·27 days ago

Vulnerability ID: CVE-2026-6970
CVSS Score: 7.3
Published: 2026-05-05

Canonical authd versions prior to 0.6.4 contain a local privilege escalation and denial of service vulnerability stemming from a logic error in primary group ID (GID) assignment. The daemon improperly overwrites intentional administrative GID configurations during identity provider synchronization events.

TL;DR

Canonical authd incorrectly overwrites custom user GIDs with their UID during identity syncs. This logic flaw permits local privilege escalation via group collision and causes denial of service through incorrect file ownership.…
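
A defender-side audit for the condition summarized above, as an added example that is not code from the article or from authd: it flags accounts whose primary GID no longer matches the intended value and now equals the UID, and lists any other group already holding that number. It assumes the entries are in passwd(5) and group(5) format and that an administrator-maintained map of intended primary GIDs is available; the function names, the map and all sample data are constructed.

```python
# Added example; all names, IDs and the intended-GID map are constructed.

def parse_passwd(text):
    """Return {username: (uid, gid)} from passwd(5)-format lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue  # skip blank or malformed entries rather than guess
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users

def parse_group(text):
    """Return {gid: [group names]} from group(5)-format lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups.setdefault(int(fields[2]), []).append(fields[0])
    return groups

def audit(passwd_text, group_text, intended_gids):
    """Flag users whose primary GID differs from the intended one and equals
    their UID. intended_gids is a hypothetical {username: gid} map of what the
    administrator configured; the page does not say where authd keeps it."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    findings = []
    for name, want in sorted(intended_gids.items()):
        if name not in users:
            continue
        uid, gid = users[name]
        if gid != want and gid == uid:
            # Other groups already holding this number: the collision case.
            collides = sorted(g for g in groups.get(gid, []) if g != name)
            findings.append({"user": name, "intended_gid": want,
                             "actual_gid": gid, "collides_with": collides})
    return findings

SAMPLE_PASSWD = """alice:x:60001:60001:Alice:/home/alice:/bin/bash
bob:x:60002:5000:Bob:/home/bob:/bin/bash
carol:x:60003:60003:Carol:/home/carol:/bin/bash"""
SAMPLE_GROUP = """staff:x:5000:
backup-ops:x:60001:
carol:x:60003:"""
INTENDED = {"alice": 5000, "bob": 5000, "carol": 60003}

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP, INTENDED):
        print(finding)
```

An entry with a non-empty `collides_with` list corresponds to the group-collision case; an entry with an empty list still indicates files may be owned by an unintended group.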
