Auth bypass in Presire Qsnapper

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.

Vulnerability class: Broken Authentication

Affected products

Presire Qsnapper — versions 0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

meissner@suse.de (third-party-advisory)
meissner@suse.de (vendor-advisory)
meissner@suse.de (issue-tracking)