PackageKit local root flaw (CVE-2026-41651)
Vulnerability
Summary
A PackageKit flaw, CVE-2026-41651, can let local Linux users gain root permissions by abusing package-management requests, creating a high-risk privilege-escalation path on systems with PackageKit enabled. The bug appears to have existed for nearly 12 years, affecting PackageKit versions 1.0.2 through 1.3.4 and distributions that ship the daemon pre-installed. A fix is available in PackageKit 1.3.5, and the issue was rated 8.8/10.
Related Happenings
Linux kernel Dirty Frag local root escalation privilege-escalation flaw
Vulnerability
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
Linux distributions mitigation advisories for CVE-2026-31431
Advisory/Mitigation
First: 30.04.2026 12:24
Last: 30.04.2026 12:24
Sources 1
About this happening:
Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...
Timeline
- 24.04.2026 20:28 · 2 articles · 1mo ago
PackageKit flaw details and fix published
Technical Analysis Update
Public guidance on CVE-2026-41651 describes a PackageKit daemon flaw that can let local Linux users install or remove system packages and gain root permissions, says the bug has persisted for almost 12 years in PackageKit versions 1.0.2 through 1.3.4, notes that PackageKit 1.3.5 addresses the issue, and warns that exploitation can cause the daemon to hit an assertion failure and crash.
Sources:
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access — www.bleepingcomputer.com — 24.04.2026 20:28
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access — www.bleepingcomputer.com — 24.04.2026 20:28
- 08.04.2026 03:00 · 1 article · 1mo ago
Red Team reports PackageKit flaw to vendors
Initial Disclosure
Deutsche Telekom's Red Team reported the PackageKit request-handling flaw identified as CVE-2026-41651 to Red Hat and PackageKit maintainers, beginning the remediation process for the local privilege-escalation issue.
Sources:
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access — www.bleepingcomputer.com — 24.04.2026 20:28