CVE-2026-41047: CWE-306 Missing authentication for critical function in presire qSnapper
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-41047 affects presire qSnapper versions prior to 1.3.3. It involves missing authentication controls on the "snapshot diff" functions, which are critical for protecting sensitive information. Due to this lack of authentication, a local attacker can view information that is otherwise protected by read permissions. The CVSS 4.0 vector indicates the attack requires local access with low complexity and no privileges or user interaction, and the impact is high on confidentiality. There is no vendor advisory or patch information available to confirm remediation status.
Potential Impact
An attacker with local access can exploit this vulnerability to bypass authentication controls on the snapshot diff functions, gaining unauthorized access to sensitive information that should be protected. This compromises confidentiality but does not affect integrity or availability. There are no known exploits in the wild reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local access to trusted users only to reduce risk of exploitation.
CVE-2026-41047: CWE-306 Missing authentication for critical function in presire qSnapper
Description
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
CVSS v4.0
Score 6.9medium
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability identified as CVE-2026-41047 affects presire qSnapper versions prior to 1.3.3. It involves missing authentication controls on the "snapshot diff" functions, which are critical for protecting sensitive information. Due to this lack of authentication, a local attacker can view information that is otherwise protected by read permissions. The CVSS 4.0 vector indicates the attack requires local access with low complexity and no privileges or user interaction, and the impact is high on confidentiality. There is no vendor advisory or patch information available to confirm remediation status.
Potential Impact
An attacker with local access can exploit this vulnerability to bypass authentication controls on the snapshot diff functions, gaining unauthorized access to sensitive information that should be protected. This compromises confidentiality but does not affect integrity or availability. There are no known exploits in the wild reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local access to trusted users only to reduce risk of exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- suse
- Date Reserved
- 2026-04-16T13:37:50.679Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a395729eed863c81e0537f0
Added to database: 06/22/2026, 15:39:21 UTC
Last enriched: 06/22/2026, 15:57:43 UTC
Last updated: 06/22/2026, 18:47:15 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.