Find notable cyber news and cases, enriched with sources, timelines, and signals.

PackageKit 1.3.5 security update (CVE-2026-41651)

Security Patch Release
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

PackageKit version 1.3.5 was released to fix CVE-2026-41651, closing a local privilege-escalation path that could let Linux users gain root permissions. The update matters for PackageKit-enabled Linux systems because the flaw affected systems with the daemon installed and running. Users are being pushed to move quickly to the fixed release.

Related Happenings

The vendor security patch release for CVE-2026-8206

Security Patch Release
H score89 First: 03.06.2026 01:12 Last: 03.06.2026 01:12 Sources 1

About this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score42 First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

Linux distros patch release for Fragnasia (CVE-2026-46300)

Security Patch Release
H score25 First: 14.05.2026 10:34 Last: 14.05.2026 10:34 Sources 1

About this happening: Linux distros are rolling out **patches** for **CVE-2026-46300**, a high-severity kernel flaw that can let unprivileged local attackers gain **root** on vulnerable Linux systems....

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
H score32 First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

CPanel security patch release for CVE-2026-29201

Security Patch Release
H score34 First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Timeline

  1. 24.04.2026 03:00 2 articles · 2mo ago

    PackageKit 1.3.5 and CVE-2026-41651 are publicly disclosed

    Mitigation Patch Update

    Public information about CVE-2026-41651 is published together with PackageKit version 1.3.5, which addresses the issue; technical details and a demo exploit are withheld so patches can propagate, and users are told to upgrade to 1.3.5 as soon as possible.

    Show sources
  2. 08.04.2026 03:00 1 articles · 3mo ago

    Deutsche Telekom Red Team reports the PackageKit flaw to maintainers

    Initial Disclosure

    Deutsche Telekom’s Red Team reports the PackageKit request-handling bug behind CVE-2026-41651 to Red Hat and PackageKit maintainers, after tracing a local privilege-escalation path that could let Linux users install or remove system packages and gain root permissions.

    Show sources