CVE-2026-41045
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A time-to-check-time-of-use vulnerability in the polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnapper's authentication mechanism and operate with root privileges.
Risk Assessment
A local attacker can gain full system control by performing operations with administrator privileges, compromising data confidentiality, integrity, and availability.
Recommendation
Immediately update qSnapper to version 1.3.3 or later, which includes a fix for the TOCTOU vulnerability.
Original NVD description (English source)
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.

