CVE-2026-25704
Incomplete privilege drop for com.system76.CosmicGreeter.GetUserData
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
2th
A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.
| CWE | CWE-271 CWE-367 |
| Vendor | pop-os |
| Product | cosmic-greeter |
| Published | Mar 30, 2026 |
| Last Updated | Apr 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for pop-os cosmic-greeter
Be the first to know when new unknown vulnerabilities affecting pop-os cosmic-greeter are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
pop-os / cosmic-greeter
? < https://github.com/pop-os/cosmic-greeter/pull/426
References
Credits
Matthias Gerstner of SUSE