A critical local privilege escalation vulnerability (CVE-2026-3888) has been discovered in Ubuntu Desktop 24.04+, allowing unprivileged users to gain full root access via an unintended interaction between snap-confine and systemd-tmpfiles. Exploitation requires a specific time window of 10–30 days but leads to complete system compromise. The Qualys Threat Research Unit also identified a separate vulnerability in Ubuntu 25.10's uutils coreutils, which was mitigated before release.
Background
Snap is a software packaging and deployment system developed by Canonical for Linux distributions, particularly Ubuntu, allowing applications to run in isolated environments. Local privilege escalation vulnerabilities are critical as they enable attackers to gain higher system privileges from a lower initial access level.
- Source
- Lobsters
- Published
- Mar 19, 2026 at 10:56 AM
- Score
- 8.0 / 10