CVE-2026-6970: CWE-842 Placement of user into incorrect group in Canonical authd
authd versions prior to 0. 6. 4 contain a logic error in primary group ID assignment that can cause local privilege escalation. Specifically, if a user's primary group ID differs from their UID due to account creation in older versions or manual changes, authd resets the primary group ID to the UID on next login. This results in files and directories being owned by incorrect groups, potentially causing denial of service and unintended access by other local users.
AI Analysis
Technical Summary
CVE-2026-6970 is a vulnerability in Canonical's authd prior to version 0.6.4 involving improper handling of a user's primary group ID (GID). When the GID differs from the UID—either from legacy account creation or manual modification via `authctl group set-gid`—authd erroneously resets the GID to the UID upon the user's next login after an identity provider record update. This logic error leads to files and directories being assigned incorrect group ownership, which can cause denial of service and enable local privilege escalation by granting unintended access to other local users.
Potential Impact
The vulnerability allows local users to escalate privileges by exploiting incorrect group ownership of files and directories. This misassignment can cause denial of service and unauthorized access to resources by other local users. The CVSS 4.0 score is 7.3 (high severity), reflecting the potential for privilege escalation with low attack complexity but requiring local access and partial user privileges.
Mitigation Recommendations
No official patch or remediation level is currently documented by the vendor. Patch status is not yet confirmed—check the Canonical vendor advisory for current remediation guidance. Until a fix is available, avoid using affected versions 0.6.0 and 0.6.1 of authd in environments where this vulnerability could be exploited. Review user group assignments and avoid manual changes to primary group IDs that could trigger this issue.
CVE-2026-6970: CWE-842 Placement of user into incorrect group in Canonical authd
Description
authd versions prior to 0. 6. 4 contain a logic error in primary group ID assignment that can cause local privilege escalation. Specifically, if a user's primary group ID differs from their UID due to account creation in older versions or manual changes, authd resets the primary group ID to the UID on next login. This results in files and directories being owned by incorrect groups, potentially causing denial of service and unintended access by other local users.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6970 is a vulnerability in Canonical's authd prior to version 0.6.4 involving improper handling of a user's primary group ID (GID). When the GID differs from the UID—either from legacy account creation or manual modification via `authctl group set-gid`—authd erroneously resets the GID to the UID upon the user's next login after an identity provider record update. This logic error leads to files and directories being assigned incorrect group ownership, which can cause denial of service and enable local privilege escalation by granting unintended access to other local users.
Potential Impact
The vulnerability allows local users to escalate privileges by exploiting incorrect group ownership of files and directories. This misassignment can cause denial of service and unauthorized access to resources by other local users. The CVSS 4.0 score is 7.3 (high severity), reflecting the potential for privilege escalation with low attack complexity but requiring local access and partial user privileges.
Mitigation Recommendations
No official patch or remediation level is currently documented by the vendor. Patch status is not yet confirmed—check the Canonical vendor advisory for current remediation guidance. Until a fix is available, avoid using affected versions 0.6.0 and 0.6.1 of authd in environments where this vulnerability could be exploited. Review user group assignments and avoid manual changes to primary group IDs that could trigger this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- canonical
- Date Reserved
- 2026-04-24T16:52:35.090Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ef8b94ba26a39fba3f69a6
Added to database: 4/27/2026, 4:15:16 PM
Last enriched: 4/27/2026, 4:30:24 PM
Last updated: 4/27/2026, 5:54:50 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.