PackageKit 1.3.5 security update (CVE-2026-41651)
Security Patch Release
Summary
Hide ▲
Show ▼
PackageKit version 1.3.5 was released to fix CVE-2026-41651, closing a local privilege-escalation path that could let Linux users gain root permissions. The update matters for PackageKit-enabled Linux systems because the flaw affected systems with the daemon installed and running. Users are being pushed to move quickly to the fixed release.
Related Happenings
The vendor security patch release for CVE-2026-8206
Security Patch Release
H score89
First: 03.06.2026 01:12
Last: 03.06.2026 01:12
Sources 1
About this happening:
**Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
The vendor security patch release for CVE-2026-8206
Security Patch ReleaseAbout this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
H score42
First: 27.05.2026 13:06
Last: 27.05.2026 13:06
Sources 1
About this happening:
LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch ReleaseAbout this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
Latest development: 16.06.2026 13:47
CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.
Linux distros patch release for Fragnasia (CVE-2026-46300)
Security Patch Release
H score25
First: 14.05.2026 10:34
Last: 14.05.2026 10:34
Sources 1
About this happening:
Linux distros are rolling out **patches** for **CVE-2026-46300**, a high-severity kernel flaw that can let unprivileged local attackers gain **root** on vulnerable Linux systems....
Linux distros patch release for Fragnasia (CVE-2026-46300)
Security Patch ReleaseAbout this happening: Linux distros are rolling out **patches** for **CVE-2026-46300**, a high-severity kernel flaw that can let unprivileged local attackers gain **root** on vulnerable Linux systems....
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
H score32
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
CPanel security patch release for CVE-2026-29201
Security Patch Release
H score34
First: 09.05.2026 10:16
Last: 09.05.2026 10:16
Sources 1
About this happening:
**cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
CPanel security patch release for CVE-2026-29201
Security Patch ReleaseAbout this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...
Timeline
-
24.04.2026 03:00 2 articles · 2mo ago
PackageKit 1.3.5 and CVE-2026-41651 are publicly disclosed
Mitigation Patch UpdatePublic information about CVE-2026-41651 is published together with PackageKit version 1.3.5, which addresses the issue; technical details and a demo exploit are withheld so patches can propagate, and users are told to upgrade to 1.3.5 as soon as possible.
Show sources
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access — www.bleepingcomputer.com — 24.04.2026 20:28
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access — www.bleepingcomputer.com — 24.04.2026 20:28
-
08.04.2026 03:00 1 articles · 3mo ago
Deutsche Telekom Red Team reports the PackageKit flaw to maintainers
Initial DisclosureDeutsche Telekom’s Red Team reports the PackageKit request-handling bug behind CVE-2026-41651 to Red Hat and PackageKit maintainers, after tracing a local privilege-escalation path that could let Linux users install or remove system packages and gain root permissions.
Show sources
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access — www.bleepingcomputer.com — 24.04.2026 20:28