Description

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.

INFO

Published Date :

2026-04-27T15:28:48.209Z

Last Modified :

2026-04-27T16:17:10.157Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2026-6970 vulnerability.

Vendors Products
Canonical
  • Authd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6970.

URL Resource
https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f cve-icon cve-icon
https://github.com/canonical/authd/security/advisories/GHSA-fg3j-5w9g-hmg7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability