Critical Pack2TheRoot Vulnerability Exposes Linux Systems to Local Privilege Escalation

Critical Pack2TheRoot Vulnerability Exposes Linux Systems to Local Privilege Escalation

First seen 24 Apr 2026, 18:01 UTC Bleepingcomputernvd.nist.govgithub.security.telekom.comSecurityaffairs.CoHeise.De+1 84% similarity 70.5

Article Content

Browse articles
ThreatCluster

A high-severity vulnerability identified as CVE-2026-41651 affects the PackageKit daemon, allowing local unprivileged users to gain root access on Linux systems. Discovered by Deutsche Telekom's Red Team, the flaw enables unauthorized installation and removal of system packages. The vulnerability has existed for nearly 12 years, affecting all PackageKit versions from 1.0.2 to 1.3.4. A patch was released in version 1.3.5, but many distributions are still vulnerable. The exploit can be triggered by executing commands like 'pkcon install' without authentication under certain conditions. Although no active exploitation has been confirmed, the vulnerability leaves observable traces in system logs. Users are urged to upgrade to the patched version immediately to mitigate risks.

Key Points: • CVE-2026-41651 allows local users to gain root access via PackageKit. • The vulnerability affects all PackageKit versions from 1.0.2 to 1.3.4. • Users should upgrade to PackageKit version 1.3.5 to mitigate the risk.

ThreatCluster AI

Timeline

2026-04-08
Deutsche Telekom Red Team reported vulnerability to maintainers.
2026-04-22
CVE-2026-41651 published.
2026-04-24
First public proof-of-concept released.

Community

Browse all →