Vulnerability in Canonical Authd

CVE-2026-6970

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd…

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

Affected products

Canonical Authd — versions 0.6.0, 0.6.1

Weakness classification (CWE)

CWE-842

References

github.com/canonical/authd/security/advisories/GHSA-fg3j-5w9g-hmg7 (vendor-advisory)
github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f (patch)