CVE-2026-41046
Published
CVSS v3
7.3
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
qSnapper is a Qt6/QML GUI application for managing Btrfs/Snapper snapshots on Linux with D-Bus and PolicyKit integration.
GitHub