CVE-2026-41046: CWE-23 Relative path traversal in presire qSnapper
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
AI Analysis
Technical Summary
CVE-2026-41046 is a relative path traversal vulnerability in presire's qSnapper product prior to version 1.3.3. The issue arises from improper validation of the "configName" parameter, which allows a local attacker to manipulate file paths and load malicious configuration files. Exploitation can lead to denial of service or privilege escalation to root. The vulnerability has a CVSS 3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H), reflecting a local attack vector with low complexity and no privileges required, resulting in limited confidentiality and integrity impact but high availability impact.
Potential Impact
A local attacker can exploit this vulnerability to cause denial of service or potentially escalate privileges to root by leveraging malicious configuration files through path traversal. Confidentiality and integrity impacts are limited, but availability impact is high due to potential service disruption.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch link is provided, users should monitor presire's advisories for updates. Until a fix is available, restrict local access to trusted users and validate or sanitize inputs related to the "configName" parameter to mitigate exploitation risk.
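One way to apply the "validate or sanitize" recommendation to a config name, shown as an added example that is not qSnapper's code or its fix: an allowlist for a single path component, followed by a canonical-path containment check. The directory `/etc/snapper/configs`, the character set, and the names `resolve_config`, `InvalidConfigName` and `demo` are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: config files live one per name in this directory (not stated in the advisory).
CONFIG_DIR = Path("/etc/snapper/configs")
# Allowlist for one path component: no separators, no leading dot, bounded length.
_NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


class InvalidConfigName(ValueError):
    """Raised when a config name is not a plain file name inside the config directory."""


def resolve_config(config_name: str, base: Path = CONFIG_DIR) -> Path:
    """Return the canonical config path for config_name, or raise InvalidConfigName."""
    if not isinstance(config_name, str) or not _NAME_RE.fullmatch(config_name):
        raise InvalidConfigName(f"rejected config name: {config_name!r}")
    base_real = Path(os.path.realpath(base))
    candidate = Path(os.path.realpath(base_real / config_name))
    # The canonical path must be a direct child of the config directory; this
    # also rejects a symlink inside the directory that points somewhere else.
    if candidate.parent != base_real:
        raise InvalidConfigName(f"{config_name!r} resolves outside {base_real}")
    return candidate


def demo() -> dict:
    """Check constructed names against a temporary directory standing in for CONFIG_DIR."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "configs")
        base.mkdir()
        (base / "root").write_text("SUBVOLUME=/\n")  # constructed sample config
        Path(tmp, "evil").write_text("constructed file outside the config dir\n")
        os.symlink(Path(tmp, "evil"), base / "link")
        for name in ["root", "../evil", "/etc/passwd", "..", "", "a/b", "link"]:
            try:
                resolve_config(name, base)
                results[name] = "accepted"
            except InvalidConfigName:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r:15} {verdict}")
```

The check belongs in the privileged component that opens the file, not only in the unprivileged caller, and that component should open the returned canonical path, not the original string.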
CVSS v3.1
Score: 7.3 (high)
Technical Details
- Data Version: 5.2
- Assigner Short Name: suse
- Date Reserved: 2026-04-16T13:37:50.679Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a395729eed863c81e0537eb
Added to database: 06/22/2026, 15:39:21 UTC
Last enriched: 06/22/2026, 16:09:06 UTC
Last updated: 06/22/2026, 20:28:00 UTC