CVE-2026-6369: CWE-306 Missing authentication for critical function in Canonical canonical-livepatch
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.
AI Analysis
Technical Summary
The canonical-livepatch snap client prior to version 10.15.0 contains a missing authentication vulnerability (CWE-306) that allows local unprivileged users to send unauthenticated requests to the livepatchd.sock Unix domain socket. This leads to disclosure of a root-level authentication token if the Livepatch client is enabled with a valid Ubuntu Pro subscription. The token grants access to Livepatch services under the victim's credentials and may cause issues to the Livepatch server. The vulnerability is local attack vector with low attack complexity and requires partial user interaction (privileged user enabling Livepatch). No vendor advisory or patch information is currently available.
Potential Impact
An attacker with local unprivileged access on a system running a vulnerable version of canonical-livepatch can obtain a root-level authentication token. This token enables unauthorized access to Livepatch services using the victim's credentials and may allow the attacker to interfere with Livepatch server operations. The impact is limited to systems with Livepatch enabled and a valid Ubuntu Pro subscription. There is no indication of remote exploitation or widespread active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to systems running vulnerable versions of canonical-livepatch and monitor for unauthorized local activity. Avoid enabling Livepatch on systems where local user access cannot be fully trusted.
CVE-2026-6369: CWE-306 Missing authentication for critical function in Canonical canonical-livepatch
Description
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The canonical-livepatch snap client prior to version 10.15.0 contains a missing authentication vulnerability (CWE-306) that allows local unprivileged users to send unauthenticated requests to the livepatchd.sock Unix domain socket. This leads to disclosure of a root-level authentication token if the Livepatch client is enabled with a valid Ubuntu Pro subscription. The token grants access to Livepatch services under the victim's credentials and may cause issues to the Livepatch server. The vulnerability is local attack vector with low attack complexity and requires partial user interaction (privileged user enabling Livepatch). No vendor advisory or patch information is currently available.
Potential Impact
An attacker with local unprivileged access on a system running a vulnerable version of canonical-livepatch can obtain a root-level authentication token. This token enables unauthorized access to Livepatch services using the victim's credentials and may allow the attacker to interfere with Livepatch server operations. The impact is limited to systems with Livepatch enabled and a valid Ubuntu Pro subscription. There is no indication of remote exploitation or widespread active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to systems running vulnerable versions of canonical-livepatch and monitor for unauthorized local activity. Avoid enabling Livepatch on systems where local user access cannot be fully trusted.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-15T15:52:27.875Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e631a519fe3cd2cdff2615
Added to database: 4/20/2026, 2:01:09 PM
Last enriched: 4/20/2026, 2:17:17 PM
Last updated: 4/20/2026, 3:07:16 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.