Vulnerability in Presire Qsnapper

CVE-2026-41049

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.

Affected products

Presire Qsnapper — versions 1.2.1

Weakness classification (CWE)

CWE-303 — Incorrect Implementation of Authentication Algorithm

References

meissner@suse.de (third-party-advisory)
meissner@suse.de (vendor-advisory)
meissner@suse.de (issue-tracking)