Improper Access Control in Canonical Livepatch Snap Client by Canonical
CVE-2026-6369
5.7 MEDIUM
What is CVE-2026-6369?
A vulnerability in the Canonical Livepatch Snap Client allows local unprivileged users to compromise sensitive root-level authentication tokens. By sending an unauthenticated request to the livepatchd.sock Unix domain socket, an attacker can exploit this flaw on systems where the Livepatch client is enabled with a valid Ubuntu Pro subscription. This compromise can lead to unauthorized access to Livepatch services, putting the security of the system at risk and potentially affecting the Livepatch server.
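The weakness class described above is a Unix domain socket that answers any local caller. The following added example (not Canonical's code, and not a description of how 10.15.0 fixes the issue) shows the general Linux mitigation of checking the caller's kernel-reported credentials with SO_PEERCRED before releasing a secret; the "GET token" request format, the function names and the token value are hypothetical.

```python
import os
import socket
import struct

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer, as recorded by the kernel."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def handle_request(conn, allowed_uids, token):
    """Serve the token only when the caller's UID is explicitly allowed."""
    _pid, uid, _gid = peer_credentials(conn)
    request = conn.recv(64)  # hypothetical one-line request protocol
    if uid not in allowed_uids:
        # Refuse before looking at the request: identity comes from the
        # kernel, never from anything the client sends.
        conn.sendall(b"403 forbidden\n")
        return False
    if request.strip() == b"GET token":
        conn.sendall(token + b"\n")
        return True
    conn.sendall(b"400 bad request\n")
    return False


def demo(allowed_uids):
    """Send one request over a socketpair; return (served, client_response)."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        client.sendall(b"GET token\n")
        # Constructed placeholder, not a real Livepatch token.
        served = handle_request(server, allowed_uids, b"CONSTRUCTED-TOKEN")
        return served, client.recv(64)


if __name__ == "__main__":
    me = os.getuid()
    print("caller allowed:    ", demo({me}))
    print("caller not allowed:", demo({me + 1}))
```

Restrictive ownership and mode on the socket file and its parent directory complement this check, since they stop unprivileged processes from connecting at all.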
Affected Version(s)
canonical-livepatch: 0 < 10.15.0 (versions before 10.15.0)
