What is the official website of Canonical ?

The official website of Canonical is http://www.canonical.com/.

What is Canonical's cybersecurity risk score?

Canonical has an AI-generated cybersecurity risk score of 735 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has Canonical experienced?

According to Rankiteo, Canonical currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Canonical been affected by any supply chain cyber incidents ?

According to Rankiteo, Canonical has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: The Linux Foundation (Incident ID: TUXOPEFEDTHEUBU1778214411) BleepingComputer (Incident ID: DEBUBUFED1776933436) GNU Project (Incident ID: GNU1773836738) Kernel Foundation - Master Linux Kernel & LDD (Incident ID: TUXCANDEBROC1780943498) GNU Project (Incident ID: GNU1769439621)

Does Canonical have SOC 2 Type 1 certification ?

According to Rankiteo, Canonical is not certified under SOC 2 Type 1.

Does Canonical have SOC 2 Type 2 certification ?

According to Rankiteo, Canonical does not hold a SOC 2 Type 2 certification.

Does Canonical comply with GDPR ?

According to Rankiteo, Canonical is not listed as GDPR compliant.

Does Canonical have PCI DSS certification ?

According to Rankiteo, Canonical does not currently maintain PCI DSS compliance.

Does Canonical comply with HIPAA ?

According to Rankiteo, Canonical is not compliant with HIPAA regulations.

Does Canonical have ISO 27001 certification ?

According to Rankiteo,Canonical is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Canonical operate in ?

Canonical operates primarily in the Software Development industry.

How many employees does Canonical have ?

Canonical employs approximately 1,911 people worldwide.

Does Canonical own any subsidiaries ?

Canonical presently has no subsidiaries across any sectors.

How many LinkedIn followers does Canonical have ?

Canonical's official LinkedIn profile has approximately 732,822 followers.

What is the NAICS classification code for Canonical ?

Canonical is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Canonical have a Crunchbase profile ?

No, Canonical does not have a profile on Crunchbase.

Does Canonical have a LinkedIn profile ?

Yes, Canonical maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/canonical.

How many cybersecurity incidents has Canonical experienced ?

As of June 21, 2026, Rankiteo reports that Canonical has experienced 11 cybersecurity incidents.

How many peer or competitor companies does Canonical have ?

Canonical has an estimated 30,142 peer or competitor companies worldwide.

What types of cybersecurity incidents has Canonical faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Canonical

Boost Score +25 with badge (5 left)

735

/1000

Moderate

760

/1000

Fair

Canonical Vendor Cyber Rating & Cyber Score

canonical.com

Add Your Compliance Badge

We deliver open source to the world faster, more securely and more cost effectively than any other company. We're also the publishers of Ubuntu, the world’s most popular enterprise Linux from cloud to edge, together with a passionate global community of 200,000+ contributors. Ubuntu means 'humanity to others'. We chose it because it embodies the generosity at the heart of open source, the new normal for platforms and innovation. Together with a community of 200,000, we publish an operating system that runs from the tiny connected devices up to the world's biggest mainframes, the platform that everybody uses on the public cloud, and the workstation experience of the world's most productive developers. Secure and reliable, elegant and

Canonical A.I CyberSecurity Scoring

Scoring History

Canonical

Canonical CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Ubuntu

Vulnerability

5/2026

UBURASDEB177891...

Canonical

Vulnerability

100

5/2026

The Linux Found...

TUXOPEFEDTHEUBU...

Canonical

Cyber Attack

100

5/2026

CAN1777638222

Ubuntu

Vulnerability

4/2026

BleepingCompute...

DEBUBUFED177693...

Ubuntu

Vulnerability

100

4/2026

UBU1779978504

Canonical

Vulnerability

3/2026

CAN1773822577

Canonical

Vulnerability

100

3/2026

GNU Project

GNU1773836738

Canonical

Vulnerability

100

3/2026

CANDEB177337583...

Canonical

Vulnerability

2/2026

Kernel Foundati...

TUXCANDEBROC178...

Canonical

Vulnerability

100

1/2026

GNU Project

GNU1769439621

Canonical

Vulnerability

100

1/2017

SUSDEBSUDCAN177...

Loading…

A.I.

Canonical Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Canonical

Incidents vs Software Development Industry Avg (This Year)

Canonical has 566.67% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Canonical has 554.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types Canonical vs Software Development Industry Avg (This Year)

Canonical reported 7 incidents this year: 1 cyber attacks, 0 ransomware, 6 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History - Canonical (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Canonical Subsidiaries

Canonical

Software Development

Website: http://www.canonical.com/

Company Size: 1,001-5,000 employees

UbuntuSoftware Development

Loading…

Canonical Similar Companies

Dassault Systèmes

3ds.com

Dassault Systèmes is a catalyst for human progress. Since 1981, the company has pioneered virtual worlds to improve real life for consumers, patients and citizens. With Dassault Systèmes’ 3DEXPERIENCE platform, 370,000 customers of all sizes, in all industries, can collaborate, imagine and create sustainable innovations that drive meaningful impact. For more information, visit: https://www.3ds.com

DiDi

didiglobal.com

DiDi Global Inc. is a leading mobility technology platform. It offers a wide range of app-based services across Asia Pacific, Latin America, and other global markets, including ride hailing, taxi hailing, designated driving, hitch and other forms of shared mobility as well as certain energy and vehicle services, food delivery, and intra-city freight services. DiDi provides car owners, drivers, and delivery partners with flexible work and income opportunities. It is committed to collaborating with policymakers, the taxi industry, the automobile industry, and the communities to solve the world’s transportation, environmental, and employment challenges through the use of AI technology and localized smart transportation innovations. DiDi strives to create better life experiences and greater social value, by building a safe, inclusive, and sustainable transportation and local services ecosystem for cities of the future.

OpenText

opentext.com

OpenText is a leading Cloud and AI company that provides organizations around the world with a comprehensive suite of Business AI, Business Clouds, and Business Technology. We help organizations grow, innovate, become more efficient and effective, and do so in a trusted and secure way—through Information Management. OpenText (NASDAQ/TSX: OTEX), founded in 1991 in Waterloo, has a rich history of helping customers manage their most important asset—information. Originating from a collaboration to digitize the Oxford English Dictionary, OpenText has grown into a global leader in information management. With over 120,000 enterprise customers across 180 countries, OpenText supports 98 of the top 100 global companies. A wide breadth of offerings uniquely positions OpenText to help customers unlock the value of that information using Al, cloud, and security innovations. At OpenText, our culture is at the heart of everything we do—and today, that includes being proudly AI-first. We’re creating a workplace where everyone can thrive, with artificial intelligence integrated into how we work, solve problems, and innovate together. By fostering a collaborative and inclusive environment, we empower digital knowledge workers and drive forward-thinking solutions that shape the future of information management. We believe our success comes from the strength of our team—talent that AI can’t replace—and we’re committed to attracting and supporting those who bring unique insight, adaptability, and creativity. Because at OpenText, people aren’t just our greatest asset—they’re the reason we shine in an AI-powered world. Join us at OpenText and become part of a team where your talents and ideas are truly valued.

Snowflake

snowflake.com

Snowflake delivers the AI Data Cloud — a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the AI Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analytic workloads. Wherever data or users live, Snowflake delivers a single and seamless experience across multiple public clouds. Snowflake’s platform is the engine that powers and provides access to the AI Data Cloud, creating a solution for data warehousing, data lakes, data engineering, data science, data application development, and data sharing. Join Snowflake customers, partners, and data providers already taking their businesses to new frontiers in the AI Data Cloud.

Cisco

cisco.com

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all.

Canva

canva.com

We're a global online visual communications platform on a mission to empower the world to design. Featuring a simple drag-and-drop user interface and a vast range of templates ranging from presentations, documents, websites, social media graphics, posters, apparel to videos, plus a huge library of fonts, stock photography, illustrations, video footage, and audio clips, anyone can take an idea and create something beautiful on Canva on any device, from anywhere in the world. Since our launch in 2013, we’ve had the crazy big goal of making design accessible to everyone. We were founded on the belief that people shouldn't need to understand complex software to unlock their creativity. We’re leveling the playing field and democratizing access to design and visual communication by empowering 100% of the world to communicate in a way that was once limited to the 1%. We've always had a deeper mission surrounding Canva — which we talk about as our 'simple' two-step plan: to build one of the world’s most valuable companies, and to do the most good we possibly can. We're committed to our core value of Being a Force for Good, so as the value of our company grows, so too does our ability to have a positive impact on the world.

Databricks

databricks.com

Databricks is the Data and AI company. More than 20,000 organizations worldwide — including adidas, AT&T, Bayer, Block, Mastercard, Rivian, Unilever, and over 60% of the Fortune 500 — rely on Databricks to build and scale data and AI apps, analytics and agents. Headquartered in San Francisco with 30+ offices around the globe, Databricks offers a unified Data Intelligence Platform that includes Agent Bricks, Lakeflow, Lakehouse, Lakebase and Unity Catalog. --- Databricks applicants Please apply through our official Careers page at databricks.com/company/careers. All official communication from Databricks will come from email addresses ending with @databricks.com or @goodtime.io (our meeting tool).

GlobalLogic

globallogic.com

GlobalLogic, a Hitachi Group company, is a trusted partner in design, data, and digital engineering for the world’s largest and most innovative companies. Since our inception in 2000, we have been at the forefront of the digital revolution, helping to create some of the most widely used digital products and experiences. Our purpose is to positively impact society and the planet through cutting-edge technology. Together with our clients, we are engineering impact through intelligent products, platforms, and services that are designed for desirability, engineered for excellence, and curated for intelligence. Our people-first culture fosters shoulder-to-shoulder teamwork, supported by a unique lab model and flexible delivery options, including onshore, nearshore, and offshore solutions. We also prioritize environmental stewardship in our product development and are committed to leveraging the diversity of thoughts as a driver for business innovation, attracting and developing talent, and sustainable growth. We are proud of our global recognitions: Leader in the ISG Provider Lens™ Digital Engineering Services 2024 U.S. report Everest Group's Software Product Engineering Services Peak Matrix 2024 Star Performer in Major Contender in Everest Group’s Trust & Safety Peak Matrix 2024 2024 EcoVadis Silver Sustainability Rating Join us as we continue to shape the future of digital engineering and create lasting impacts for businesses and communities worldwide: globallogic.com

NiCE

nice.com

NiCE is transforming the world with AI that puts people first. Our purpose-built AI-powered platforms automate engagements into proactive, safe, intelligent actions, empowering individuals and organizations to innovate and act, from interaction to resolution. Trusted by organizations throughout 150+ countries worldwide, NiCE’s platforms are widely adopted across industries connecting people, systems, and workflows to work smarter at scale, elevating performance across the organization, delivering proven measurable outcomes.

Loading…

NEWS

Canonical CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 27, 2026 08:00 AM

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via...

Read Article

January 23, 2026 08:00 AM

In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice

Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program.

Read Article

January 22, 2026 08:00 AM

Hackers Hijacking Snap Domains to Posion Linux Software Packages for Desktops and Servers

Critical flaws in Canonical Snap Store enable fake crypto wallet apps to spread malware and steal assets across Linux systems.

Read Article

December 10, 2025 08:00 AM

Can LLMs effectively provide game-theoretic-based scenarios for cybersecurity?

IntroductionGame theory has long served as a foundational tool in cybersecurity to test, predict, and design strategic interactions between...

Read Article

November 28, 2025 08:00 AM

OpenNebula Systems partners with Canonical for Ubuntu Pro -

OpenNebula and Canonical Partner to deliver OpenNebula Enterprise Subscriptions with built-In Ubuntu Pro for Enterprise AI Clouds.

Read Article

November 08, 2025 08:00 AM

Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched

QNAP has addressed seven critical zero-day vulnerabilities in its network-attached storage (NAS) operating systems, following their...

Read Article

October 22, 2025 07:00 AM

Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable

Threat actors infiltrated the official Xubuntu website, redirecting torrent downloads to a malicious ZIP file containing Windows-targeted...

Read Article

October 21, 2025 07:00 AM

Official Xubuntu website compromised to serve malware

The website for the community-maintained Xubuntu (at xubuntu.org) has apparently been hacked to deliver Windows malware.

Read Article

October 20, 2025 07:00 AM

Xubuntu website downloads section gets malware

Someone managed to insert a compromised file into the downloads section of the website for Xubuntu, the official Ubuntu flavor with the Xfce...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-56355

SUMMARY

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 3.7)

cvss3

Base Score: 3.7

Complexity: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score

1.4

Exploitability

2.2

REFERENCES

CVE-2026-56347

SUMMARY

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site visitors, potentially stealing session cookies or performing unauthorized actions.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 6.1)

cvss3

Base Score: 6.1

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

cvss4

Base Score: 5.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

2.7

Exploitability

2.8

REFERENCES

CVE-2026-56346

SUMMARY

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 6.5)

cvss3

Base Score: 6.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

cvss4

Base Score: 6.9

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

2.5

Exploitability

3.9

REFERENCES

CVE-2026-56345

SUMMARY

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload with a filename containing an arbitrary users_id to invoke passwordless User->login() and establish an authenticated session as any user including admin. Attackers can obtain the Meet shared secret through path-traversal vulnerabilities or timing attacks against checkToken.json.php, then POST a crafted file to uploadRecordedVideo.json.php with a filename like '1-anything.mp4' to hijack admin sessions and gain full account takeover.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 8.1)

cvss3

Base Score: 8.1

Complexity: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.2

Complexity: HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.2

REFERENCES

CVE-2026-56342

SUMMARY

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and accepts requests to private IP ranges and cloud metadata endpoints. Attackers can exploit this by crafting requests to internal services, cloud metadata endpoints like 169.254.169.254, and localhost to retrieve sensitive information including IAM credentials, internal service responses, and network configuration details.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 6.8)

cvss3

Base Score: 6.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

cvss4

Base Score: 6.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

2.3

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…