๐Ÿ” CVE Alert

CVE-2026-9494

MEDIUM 5.5

ubuntu-pro-client Information Disclosure via Cleartext Bearer Token Exposure in Process Command Line

CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th

An information disclosure vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper using the download-file command. During this process, the secret bearer token is embedded directly in the cleartext URL component passed via the command-line arguments (argv), resulting in a URL format such as https://bearer:<token>@esm.ubuntu.com/.../. On systems utilizing a default-mounted /proc file system where process-hiding mitigations (such as hidepid) are disabled, an unprivileged local attacker can monitor system processes and read the sensitive bearer token directly from /proc/cmdline while the helper process is actively running. This leaked token can subsequently be used to gain unauthorized access to the victim's Ubuntu Pro or Expanded Security Maintenance (ESM) repositories.

CWE CWE-214
Vendor canonical
Product ubuntu-pro-client (ubuntu-advantage-tools)
Ecosystems
Industries
Technology
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for canonical ubuntu-pro-client (ubuntu-advantage-tools)

Be the first to know when new medium vulnerabilities affecting canonical ubuntu-pro-client (ubuntu-advantage-tools) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Canonical / ubuntu-pro-client (ubuntu-advantage-tools)
0 < 37.3
Canonical / Ubuntu 26.04 LTS
All versions affected
Canonical / Ubuntu 24.04 LTS
All versions affected
Canonical / Ubuntu 22.04 LTS
All versions affected
Canonical / Ubuntu 20.04 LTS
All versions affected
Canonical / Ubuntu 18.04 LTS
All versions affected
Canonical / Ubuntu 16.04 LTS
All versions affected
Canonical / Ubuntu 14.04 LTS
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
ubuntu.com: https://ubuntu.com/security/CVE-2026-9494

Credits

Bilal Teke