Path Traversal Vulnerability in qSnapper by Presire
CVE-2026-41046

7.3HIGH

Key Information:

Vendor

Presire

Status
Qsnapper
Vendor
CVE Published:
22 June 2026

What is CVE-2026-41046?

A path traversal vulnerability exists in qSnapper, prior to version 1.3.3, which can be exploited by a local attacker. By manipulating the 'configName' parameter, malicious config files can be utilized to disrupt the service offered by qSnapper, potentially leading to a denial of service. Furthermore, this vulnerability could allow for privilege escalation, granting the attacker root access under certain conditions. Users are advised to upgrade to version 1.3.3 or later to mitigate this risk.

Affected Version(s)

qSnapper 0 < 1.3.3

References

https://security.opensuse.org/2026/05/26/qsnapper-dbus-is...
third-party-advisory
https://github.com/presire/qSnapper/releases/tag/v1.3.3
vendor-advisory
https://bugzilla.suse.com/show_bug.cgi?id=1261889
issue-tracking

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner of SUSE
.