CVE-2026-41046
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A path traversal vulnerability in qSnapper before version 1.3.3 allows a local attacker to use malicious snapper config files via the "configName" parameter. This can lead to denial of service or potential privilege escalation to root.
Risk Assessment
The organization faces the risk of a local user gaining full control over the system, potentially compromising data confidentiality, integrity, and availability.
Recommendation
Immediately upgrade qSnapper to version 1.3.3 or later, which fixes the vulnerability. Additionally, restrict local system access to trusted users only.
Original NVD description (English source)
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

