Ubuntu snapd CVE-2026-3888 patch release
Security Patch Release
Summary
Hide ▲
Show ▼
Ubuntu shipped fixed snapd builds for CVE-2026-3888, closing a local-to-root privilege-escalation path on Ubuntu Desktop 24.04 and later. The release covers Ubuntu 24.04 LTS, 25.10 LTS, 26.04 LTS (Dev), and upstream snapd, with patched versions at 2.73+ubuntu24.04.1, 2.73+ubuntu25.10.1, 2.74.1+ubuntu26.04.1, and 2.75. Ubuntu 25.10 also reverted the default rm command to GNU coreutils to immediately reduce risk from a separate uutils coreutils race condition.
Related Happenings
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch Release
First: 11.03.2026 21:38
Last: 11.03.2026 21:38
Sources 1
About this happening:
**Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch ReleaseAbout this happening: **Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch Release
First: 04.03.2026 21:12
Last: 04.03.2026 21:12
Sources 1
About this happening:
**Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch ReleaseAbout this happening: **Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Latest development: 20.03.2026 17:09
CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.
Trend Micro security patch release for CVE-2025-71210
Security Patch Release
First: 26.02.2026 19:58
Last: 26.02.2026 19:58
Sources 1
About this happening:
**Trend Micro** released **Critical Patch Build 14136** for **Apex One**, closing **two critical vulnerabilities** that could allow **remote code execution** on vulnerable Windows...
Trend Micro security patch release for CVE-2025-71210
Security Patch ReleaseAbout this happening: **Trend Micro** released **Critical Patch Build 14136** for **Apex One**, closing **two critical vulnerabilities** that could allow **remote code execution** on vulnerable Windows...
Juniper Networks security patch release for CVE-2026-21902
Security Patch Release
First: 26.02.2026 18:42
Last: 26.02.2026 18:42
Sources 1
About this happening:
**Juniper Networks** has released fixes for **CVE-2026-21902** in **Junos OS Evolved** on **PTX Series routers**, closing a flaw that could let an unauthenticated attacker run cod...
Juniper Networks security patch release for CVE-2026-21902
Security Patch ReleaseAbout this happening: **Juniper Networks** has released fixes for **CVE-2026-21902** in **Junos OS Evolved** on **PTX Series routers**, closing a flaw that could let an unauthenticated attacker run cod...
SolarWinds security patch release for CVE-2025-40538
Security Patch Release
First: 25.02.2026 09:04
Last: 25.02.2026 09:04
Sources 1
About this happening:
**SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
SolarWinds security patch release for CVE-2025-40538
Security Patch ReleaseAbout this happening: **SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
Timeline
-
18.03.2026 10:08 2 articles · 2mo ago
Ubuntu ships fixed snapd builds for CVE-2026-3888
Mitigation Patch UpdateUbuntu delivered fixed snapd builds for CVE-2026-3888 on Ubuntu Desktop 24.04 and later, closing a local privilege-escalation path that could let an unprivileged local attacker reach full root access through snap-confine and systemd-tmpfiles. The fixed versions are 2.73+ubuntu24.04.1 for Ubuntu 24.04 LTS, 2.73+ubuntu25.10.1 for Ubuntu 25.10 LTS, 2.74.1+ubuntu26.04.1 for Ubuntu 26.04 LTS (Dev), and 2.75 for upstream snapd; Ubuntu 25.10 also reverted the default rm command to GNU coreutils to reduce risk from a separate uutils coreutils race condition.
Show sources
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit — thehackernews.com — 18.03.2026 10:08
- New Ubuntu Flaw Enables Local Attackers to Gain Root Access — www.infosecurity-magazine.com — 18.03.2026 17:45