CVE-2026-6970: CWE-842 Placement of user into incorrect group in Canonical authd
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.
AI Analysis
Technical Summary
CVE-2026-6970 is a vulnerability in Canonical's authd prior to version 0.6.4 involving improper handling of a user's primary group ID (GID). When the GID differs from the UID—either from legacy account creation or manual modification via `authctl group set-gid`—authd erroneously resets the GID to the UID upon the user's next login after an identity provider record update. This logic error leads to files and directories being assigned incorrect group ownership, which can cause denial of service and enable local privilege escalation by granting unintended access to other local users.
Potential Impact
The vulnerability allows local users to escalate privileges by exploiting incorrect group ownership of files and directories. This misassignment can cause denial of service and unauthorized access to resources by other local users. The CVSS 4.0 score is 7.3 (high severity), reflecting the potential for privilege escalation with low attack complexity but requiring local access and partial user privileges.
Mitigation Recommendations
No official patch or remediation level is currently documented by the vendor. Patch status is not yet confirmed—check the Canonical vendor advisory for current remediation guidance. Until a fix is available, avoid using affected versions 0.6.0 and 0.6.1 of authd in environments where this vulnerability could be exploited. Review user group assignments and avoid manual changes to primary group IDs that could trigger this issue.
CVE-2026-6970: CWE-842 Placement of user into incorrect group in Canonical authd
Description
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.
CVSS v4.0
Score 7.3high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6970 is a vulnerability in Canonical's authd prior to version 0.6.4 involving improper handling of a user's primary group ID (GID). When the GID differs from the UID—either from legacy account creation or manual modification via `authctl group set-gid`—authd erroneously resets the GID to the UID upon the user's next login after an identity provider record update. This logic error leads to files and directories being assigned incorrect group ownership, which can cause denial of service and enable local privilege escalation by granting unintended access to other local users.
Potential Impact
The vulnerability allows local users to escalate privileges by exploiting incorrect group ownership of files and directories. This misassignment can cause denial of service and unauthorized access to resources by other local users. The CVSS 4.0 score is 7.3 (high severity), reflecting the potential for privilege escalation with low attack complexity but requiring local access and partial user privileges.
Mitigation Recommendations
No official patch or remediation level is currently documented by the vendor. Patch status is not yet confirmed—check the Canonical vendor advisory for current remediation guidance. Until a fix is available, avoid using affected versions 0.6.0 and 0.6.1 of authd in environments where this vulnerability could be exploited. Review user group assignments and avoid manual changes to primary group IDs that could trigger this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-24T16:52:35.090Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ef8b94ba26a39fba3f69a6
Added to database: 4/27/2026, 4:15:16 PM
Last enriched: 4/27/2026, 4:30:24 PM
Last updated: 6/11/2026, 11:11:44 PM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.