CVE-2026-47330
Published: 28 May 2026
Summary
CVE-2026-47330 is a low-severity Use of Uninitialized Variable (CWE-457) vulnerability in Canonical Ubuntu Linux. Its CVSS base score is 3.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685); ranked at the 0.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32985
Vulnerability details
Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching…
more
of AppArmor notification responses.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Uninitialized variable in AppArmor notification handling enables local bypass of mandatory access controls (defense impairment) and can be leveraged for privilege escalation by an unprivileged user.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.