Critical Clickjacking Vulnerability in Transmission Affects Multiple Ubuntu Releases
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity, Ubuntu
Keywords: ubuntu, transmission, clickjacking, allow, unintended, actions, important
Summary
A clickjacking vulnerability has been identified in the Transmission BitTorrent client, affecting Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. The flaw allows attackers to trick users into performing unintended actions when they visit a malicious website. It is present in the browser-facing WebUI and RPC response paths of Transmission. Users are advised to update to the latest package versions to mitigate this risk. The updated packages include Transmission 4.1.1+dfsg-1ubuntu1.1 for Ubuntu 26.04 LTS, with earlier version numbers for the other releases. A standard system update will apply the necessary fixes. Ubuntu Pro offers ten-year security coverage for affected packages. The issue is tracked as Ubuntu Security Notice USN-8404-1.

Key Points:
- A clickjacking vulnerability in Transmission affects multiple Ubuntu versions.
- Users can be tricked into performing unintended actions via malicious websites.
- Updating to the latest package versions is essential for mitigation.
Detailed Analysis
**Impact** Users of Transmission on multiple Ubuntu releases are affected, including Ubuntu 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. The vulnerability could allow attackers to trick users into performing unintended actions via clickjacking, potentially impacting any organization or individual using Transmission's WebUI or RPC interfaces. The scope includes all systems running vulnerable Transmission versions, with no specific sectors or geographies detailed. There is no information on data exfiltration or direct data compromise.

**Technical Details** The vulnerability is a clickjacking weakness in Transmission's browser-facing WebUI and RPC response paths. Attackers exploit this by luring users to malicious websites that overlay transparent frames to induce unintended actions. No CVE identifiers or malware/tools are mentioned. The attack targets the user interaction stage of the kill chain. No infrastructure details or IOCs are provided in the articles.

**Recommended Response** Apply the updated Transmission packages immediately via standard system updates for affected Ubuntu releases: 4.1.1+dfsg-1ubuntu1.1 for Ubuntu 26.04 LTS, 4.1.0~beta2+dfsg-3ubuntu1.1 for 25.10, 4.0.5-1ubuntu0.1 for 24.04 LTS, and 3.00-2ubuntu2.2 for 22.04 LTS. Monitor for suspicious web activity involving Transmission WebUI access. No specific detections or configurations are detailed; prioritize patching to mitigate risk.
Source articles (2)
- USN-8404-1: Transmission vulnerability — Ubuntu · 2026-06-08
  Transmission could allow unintended actions if a user visited a malicious website. It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. A…
- Ubuntu 26.04 Transmission Important Clickjacking Threat USN-8404 — Linuxsecurity · 2026-06-08
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS. Summary: Transmission could allow unintended actions if a…
Timeline
- 2026-06-08 — Clickjacking vulnerability disclosed: A clickjacking weakness in Transmission was reported, affecting several Ubuntu releases. Users are urged to update their systems.
- 2026-06-08 — Affected versions listed: The vulnerability affects Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS with specific Transmission versions.
- 2026-06-08 — Patch recommended: Users are advised to perform a standard system update to correct the vulnerability.
Related entities
- Transmission (Platform)
- Ubuntu (Company)
- Clickjacking (Attack Type)