{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "19.7ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@19.7ubuntu0.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "19.7ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2",
"10ubuntu0.14.04.2",
"10ubuntu0.14.04.3",
"10ubuntu0.14.04.4",
"19.6~ubuntu14.04.3",
"19.6~ubuntu14.04.4",
"19.7"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-pro",
"binary_version": "37.1ubuntu0~16.04.1"
},
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "37.1ubuntu0~16.04.1"
},
{
"binary_name": "ubuntu-pro-auto-attach",
"binary_version": "37.1ubuntu0~16.04.1"
},
{
"binary_name": "ubuntu-pro-client",
"binary_version": "37.1ubuntu0~16.04.1"
},
{
"binary_name": "ubuntu-pro-client-l10n",
"binary_version": "37.1ubuntu0~16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@37.1ubuntu0~16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.1ubuntu0~16.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2",
"10ubuntu0.16.04.1",
"27.0~16.04.1",
"27.1~16.04.1",
"27.2.1~16.04.1",
"27.2.2~16.04.1",
"27.3~16.04.1",
"27.4.1~16.04.1",
"27.4.2~16.04.1",
"27.5~16.04.1",
"27.6~16.04.1",
"27.7~16.04.1",
"27.8~16.04.1",
"27.9~16.04.1",
"27.10.1~16.04.1",
"27.11.2~16.04.1",
"27.11.3~16.04.1",
"27.12~16.04.1",
"27.13.1~16.04.1",
"27.13.2~16.04.1",
"27.13.3~16.04.1",
"27.13.5~16.04.1",
"27.13.6~16.04.1",
"27.14.4~16.04",
"28.1~16.04",
"29.4~16.04",
"30~16.04",
"31.2~16.04",
"31.2.2~16.04",
"32.3~16.04",
"32.3.1~16.04",
"33.2~16.04",
"34~16.04",
"35.1ubuntu0~16.04",
"36ubuntu0~16.04",
"37.1ubuntu0~16.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-pro",
"binary_version": "37.1ubuntu0~18.04.1"
},
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "37.1ubuntu0~18.04.1"
},
{
"binary_name": "ubuntu-pro-auto-attach",
"binary_version": "37.1ubuntu0~18.04.1"
},
{
"binary_name": "ubuntu-pro-client",
"binary_version": "37.1ubuntu0~18.04.1"
},
{
"binary_name": "ubuntu-pro-client-l10n",
"binary_version": "37.1ubuntu0~18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@37.1ubuntu0~18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.1ubuntu0~18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10",
"13",
"14",
"16",
"17",
"27.0.2~18.04.1",
"27.1~18.04.1",
"27.2.1~18.04.1",
"27.2.2~18.04.1",
"27.3~18.04.1",
"27.4.1~18.04.1",
"27.4.2~18.04.1",
"27.5~18.04.1",
"27.6~18.04.1",
"27.7~18.04.1",
"27.8~18.04.1",
"27.9~18.04.1",
"27.10.1~18.04.1",
"27.11.2~18.04.1",
"27.11.3~18.04.1",
"27.12~18.04.1",
"27.13.1~18.04.1",
"27.13.2~18.04.1",
"27.13.3~18.04.1",
"27.13.5~18.04.1",
"27.13.6~18.04.1",
"27.14.4~18.04",
"28.1~18.04",
"29.4~18.04",
"30~18.04",
"31.2~18.04",
"31.2.2~18.04",
"31.2.3~18.04",
"32.3~18.04",
"32.3.1~18.04",
"33.2~18.04",
"34~18.04",
"35.1ubuntu0~18.04",
"36ubuntu0~18.04",
"37.1ubuntu0~18.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-pro",
"binary_version": "37.1ubuntu0~20.04.1"
},
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "37.1ubuntu0~20.04.1"
},
{
"binary_name": "ubuntu-pro-auto-attach",
"binary_version": "37.1ubuntu0~20.04.1"
},
{
"binary_name": "ubuntu-pro-client",
"binary_version": "37.1ubuntu0~20.04.1"
},
{
"binary_name": "ubuntu-pro-client-l10n",
"binary_version": "37.1ubuntu0~20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@37.1ubuntu0~20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.1ubuntu0~20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"19.5.1",
"20.2.1~0ubuntu1",
"20.3",
"27.0.2~20.04.1",
"27.1~20.04.1",
"27.2.1~20.04.1",
"27.2.2~20.04.1",
"27.3~20.04.1",
"27.4.1~20.04.1",
"27.4.2~20.04.1",
"27.5~20.04.1",
"27.6~20.04.1",
"27.7~20.04.1",
"27.8~20.04.1",
"27.9~20.04.1",
"27.10.1~20.04.1",
"27.11.2~20.04.1",
"27.11.3~20.04.1",
"27.12~20.04.1",
"27.13.1~20.04.1",
"27.13.2~20.04.1",
"27.13.3~20.04.1",
"27.13.5~20.04.1",
"27.13.6~20.04.1",
"27.14.4~20.04",
"28.1~20.04",
"29.4~20.04",
"30~20.04",
"31.2~20.04",
"31.2.2~20.04",
"31.2.3~20.04",
"32.3~20.04",
"32.3.1~20.04",
"33.2~20.04",
"34~20.04",
"35.1ubuntu0~20.04",
"36ubuntu0~20.04",
"37.1ubuntu0~20.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-9494",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-11386",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-12391",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-pro",
"binary_version": "37.2ubuntu~22.04.1"
},
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "37.2ubuntu~22.04.1"
},
{
"binary_name": "ubuntu-pro-auto-attach",
"binary_version": "37.2ubuntu~22.04.1"
},
{
"binary_name": "ubuntu-pro-client",
"binary_version": "37.2ubuntu~22.04.1"
},
{
"binary_name": "ubuntu-pro-client-l10n",
"binary_version": "37.2ubuntu~22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@37.2ubuntu~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.2ubuntu~22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"27.2.2~21.10.1",
"27.3~21.10.1",
"27.4~22.04.1",
"27.4.1~22.04.1",
"27.4.2~22.04.1",
"27.5~22.04.1",
"27.6~22.04.1",
"27.7~22.04.1",
"27.8~22.04.1",
"27.9~22.04.1",
"27.10.1~22.04.1",
"27.11.2~22.04.1",
"27.11.3~22.04.1",
"27.12~22.04.1",
"27.13.1~22.04.1",
"27.13.2~22.04.1",
"27.13.3~22.04.1",
"27.13.5~22.04.1",
"27.13.6~22.04.1",
"27.14.4~22.04",
"28.1~22.04",
"29.4~22.04",
"30~22.04",
"31.2~22.04",
"31.2.2~22.04",
"31.2.3~22.04",
"32.3~22.04",
"32.3.1~22.04",
"33.2~22.04",
"34~22.04",
"35.1ubuntu0~22.04",
"36ubuntu0~22.04",
"37.1ubuntu0~22.04",
"37.2ubuntu~22.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-9494",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-11386",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-12391",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-pro",
"binary_version": "37.2ubuntu~24.04.1"
},
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "37.2ubuntu~24.04.1"
},
{
"binary_name": "ubuntu-pro-auto-attach",
"binary_version": "37.2ubuntu~24.04.1"
},
{
"binary_name": "ubuntu-pro-client",
"binary_version": "37.2ubuntu~24.04.1"
},
{
"binary_name": "ubuntu-pro-client-l10n",
"binary_version": "37.2ubuntu~24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@37.2ubuntu~24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.2ubuntu~24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"29.4",
"30",
"30.1",
"31.1",
"31.2.2",
"31.2.2build1",
"31.2.3",
"32.3~24.04",
"32.3.1~24.04",
"33.2~24.04.1",
"34~24.04",
"35.1ubuntu0~24.04",
"36ubuntu0~24.04",
"37.1ubuntu0~24.04",
"37.2ubuntu~24.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-9494",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-11386",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-12391",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ubuntu-advantage-pro",
"binary_version": "37.2ubuntu0.1"
},
{
"binary_name": "ubuntu-advantage-tools",
"binary_version": "37.2ubuntu0.1"
},
{
"binary_name": "ubuntu-pro-auto-attach",
"binary_version": "37.2ubuntu0.1"
},
{
"binary_name": "ubuntu-pro-client",
"binary_version": "37.2ubuntu0.1"
},
{
"binary_name": "ubuntu-pro-client-l10n",
"binary_version": "37.2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ubuntu-advantage-tools",
"purl": "pkg:deb/ubuntu/ubuntu-advantage-tools@37.2ubuntu0.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.2ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"37ubuntu0",
"37.1ubuntu0",
"37.2ubuntu"
]
}
],
"aliases": [],
"details": "Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer\ntoken in command-line arguments when validating APT credentials. A local\nattacker could possibly use this issue to obtain sensitive information\nand gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)\n\nFrederick Jerusha discovered that Ubuntu Advantage Tools did not properly\nvalidate data received from the contract server when writing APT source\nfiles. An attacker could possibly use this issue to inject arbitrary APT\nconfiguration and execute arbitrary code. (CVE-2026-11386)\n\nMateusz Gierblinski discovered that Ubuntu Advantage Tools did not\nproperly handle symbolic links when collecting diagnostic logs. A local\nattacker could possibly use this issue to obtain sensitive information\nfrom files owned by the administrator. This issue only affected Ubuntu\n16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nUbuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)",
"id": "USN-8555-1",
"modified": "2026-07-16T12:59:08Z",
"published": "2026-07-16T12:59:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8555-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-9494"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-11386"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-12391"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ubuntu-advantage-tools vulnerabilities",
"upstream": [
"UBUNTU-CVE-2026-9494",
"UBUNTU-CVE-2026-11386",
"UBUNTU-CVE-2026-12391"
]
}