
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN419
_____________________________________________________________________

DATE                : 23/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PackageKit versions prior to 1.3.5.

=====================================================================
https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv
_____________________________________________________________________


Race condition vulnerability leads to arbitrary package installation
as root

High
ximion published GHSA-f55j-vvr9-69xv Apr 22, 2026

Package
PackageKit

Affected versions
>=1.0.2 and <= 1.3.4

Patched versions
>= 1.3.5


Description

This report describes a vulnerability in PackageKit that allows an
unprivileged user to install packages as root, i.e. a local privilege
escalation.

All PackageKit versions from 1.0.2 up to and including 1.3.4 are
vulnerable. Since PackageKit 1.0.2 was released over 12 years ago, this
leaves a broad attack surface across Linux distributions. Exploitability
has been explicitly tested and confirmed on the following distributions,
in default installations, with the apt and dnf package-manager backends:

    Ubuntu Desktop 18.04 (EOL), 24.04.4 (LTS), 26.04 (LTS beta).
    Ubuntu Server 22.04 - 24.04 (LTS)
    Debian Desktop Trixie 13.4
    RockyLinux Desktop 10.1
    Fedora 43 Desktop
    Fedora 43 Server
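A quick way to triage a fleet against the affected range is to compare the installed PackageKit version with the bounds above. The script below is an added example, not part of the CERT-Renater note or of the PackageKit project; it assumes GNU `sort -V` is available and that the package is named `packagekit` in dpkg-based distributions and `PackageKit` in rpm-based ones. The range check (`pk_vulnerable`) can be fed raw dpkg/rpm version strings, including an epoch prefix and a distribution revision suffix.

```sh
#!/bin/sh
# Added example (not from the advisory or the PackageKit project): report
# whether the locally installed PackageKit falls in the affected range
# >= 1.0.2 and <= 1.3.4 (CVE-2026-41651).
# Assumptions: GNU `sort -V` is present; dpkg/rpm package names are
# "packagekit" (Debian/Ubuntu) and "PackageKit" (Fedora/RHEL).

# ver_le A B: succeed when A sorts at or before B in version order.
ver_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# pk_vulnerable VERSION: succeed when VERSION lies within the affected range.
# Strips a leading epoch ("1:") and a trailing distro revision ("-2ubuntu1")
# so raw dpkg/rpm version strings can be passed in unchanged.
pk_vulnerable() {
    v=${1#*:}
    v=${v%%-*}
    ver_le 1.0.2 "$v" && ver_le "$v" 1.3.4
}

# installed_pk_version: print the installed version string, or nothing if
# PackageKit cannot be found. Tries pkcon, then the dpkg and rpm databases.
installed_pk_version() {
    v=
    if command -v pkcon >/dev/null 2>&1; then
        v=$(pkcon --version 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1)
    fi
    if [ -z "$v" ] && command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}\n' packagekit 2>/dev/null) || v=
    fi
    if [ -z "$v" ] && command -v rpm >/dev/null 2>&1; then
        # rpm -q prints "package ... is not installed" on stdout, so the
        # exit status, not the output, decides whether we got a version.
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' PackageKit 2>/dev/null) || v=
    fi
    printf '%s\n' "$v"
}

# pk_check: one-line verdict for this host.
# Exit status 0 = affected version installed, 1 = patched or not installed.
pk_check() {
    ver=$(installed_pk_version)
    if [ -z "$ver" ]; then
        echo "PackageKit not found on this host"
        return 1
    fi
    if pk_vulnerable "$ver"; then
        echo "PackageKit $ver is in the affected range (CVE-2026-41651): upgrade to >= 1.3.5"
        return 0
    fi
    echo "PackageKit $ver is outside the affected range"
    return 1
}

pk_check || true   # do not abort the script when the host is not affected
```

A version-only check identifies candidates, not confirmed exposure: distributions frequently backport a fix without moving to the upstream 1.3.5 version number, so a host reported as "in the affected range" should be cross-checked against the distribution's own advisory or the package changelog before being treated as vulnerable.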

The Pack2TheRoot vulnerability was discovered by Deutsche Telekom’s
Red Team during targeted research into local privilege escalation
vectors on modern Linux systems.

A detailed vulnerability description is planned to be added in the
future.

Further Info: https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html




Severity
High, 8.8 / 10

CVSS v3.1 base metrics
Attack vector      : Local
Attack complexity  : Low
Privileges required: Low
User interaction   : None
Scope              : Changed
Confidentiality    : High
Integrity          : High
Availability       : High
Vector string      : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE ID
CVE-2026-41651

Weaknesses
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Credits

    msatdt (@msatdt): Reporter
    ximion (@ximion): Remediation developer



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




