Critical Pack2TheRoot Vulnerability Exposes Linux Systems to Local Privilege Escalation
Severity: High (Score: 70.5)
Sources: BleepingComputer, nvd.nist.gov, securityaffairs.co, github.security.telekom.com
Summary
A high-severity vulnerability identified as CVE-2026-41651 affects the PackageKit daemon, allowing local unprivileged users to gain root access on Linux systems. Discovered by Deutsche Telekom's Red Team, the flaw enables unauthorized installation and removal of system packages. The vulnerability has existed for nearly 12 years, affecting all PackageKit versions from 1.0.2 to 1.3.4. A patch was released in version 1.3.5, but many distributions are still vulnerable. The exploit can be triggered by executing commands like 'pkcon install' without authentication under certain conditions. Although no active exploitation has been confirmed, the vulnerability leaves observable traces in system logs. Users are urged to upgrade to the patched version immediately to mitigate risks.
Key Points:
- CVE-2026-41651 allows local users to gain root access via PackageKit.
- The vulnerability affects all PackageKit versions from 1.0.2 to 1.3.4.
- Users should upgrade to PackageKit version 1.3.5 to mitigate the risk.
Key Entities
- Privilege Escalation (attack_type)
- Zero-day Exploit (attack_type)
- Deutsche Telekom (company)
- Red Hat (company)
- Fedora (company)
- CVE-2026-41651 (cve)
- CWE-269 - Improper Privilege Management (cwe)
- CWE-287 - Improper Authentication (cwe)
- CWE-362 - Race Condition (cwe)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- D-Bus (platform)
- Fedora Workstation (platform)
- Linux (platform)
- PackageKit (platform)
- Claude Opus AI (tool)
- Pack2TheRoot (vulnerability)