CVE-2026-25704

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-25704
A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in  cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.
CVSS

No CVSS.

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704
http://www.openwall.com/lists/oss-security/2026/04/16/3
Configurations

No configuration.

History

16 Apr 2026, 17:16

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de condición de carrera de errores de eliminación/reducción de privilegios/tiempo de verificación, tiempo de uso (TOCTOU) en cosmic-greeter puede permitir a un atacante recuperar privilegios que deberían haber sido eliminados y abusar de ellos en la lógica de verificación propensa a condiciones de carrera. Este problema afecta a cosmic-greeter antes de https://github.Com/pop-os/cosmic-greeter/pull/426.
References
  • () http://www.openwall.com/lists/oss-security/2026/04/16/3 -

30 Mar 2026, 08:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-30 08:16

Updated : 2026-04-16 17:16

NVD link : CVE-2026-25704

Mitre link : CVE-2026-25704

CVE.ORG link : CVE-2026-25704

JSON object : View

Products Affected

No product.

CWE
CWE-271

Privilege Dropping / Lowering Errors

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition