Upstream information

CVE-2026-41046 at MITRE

Description

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
CVSS detail CNA (SUSE) National Vulnerability Database
Base Score 7.3 7.3
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Attack Vector Local Local
Attack Complexity Low Low
Privileges Required None Low
User Interaction None None
Scope Unchanged Unchanged
Confidentiality Impact Low High
Integrity Impact Low Low
Availability Impact High High
CVSSv3 Version 3.1 3.1
SUSE Bugzilla entry: 1261889 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Fri Apr 10 14:00:17 2026
CVE page last modified: Sun Jun 28 16:27:17 2026