Local Authentication Bypass in qSnapper by Presire
CVE-2026-41045

8.1HIGH

Key Information:

Vendor

Presire

Status
Qsnapper
Vendor
CVE Published:
22 June 2026

What is CVE-2026-41045?

A vulnerability in qSnapper's authentication mechanism allows local attackers to bypass security checks due to a time-to-check-time-of-use issue. This flaw affects versions prior to 1.3.3 and can enable unauthorized users to gain elevated privileges, such as executing commands as the root user. Proper mitigation steps should be taken to prevent exploitation of this vulnerability.

Affected Version(s)

qSnapper 0 < 1.3.3

References

https://security.opensuse.org/2026/05/26/qsnapper-dbus-is...
third-party-advisory
https://github.com/presire/qSnapper/releases/tag/v1.3.3
vendor-advisory
https://bugzilla.suse.com/show_bug.cgi?id=1261795
issue-tracking

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner of SUSE
.