Critical RCE Vulnerability in Ubuntu 24.04 LTS Wheel Package

Critical RCE Vulnerability in Ubuntu 24.04 LTS Wheel Package

First seen 29 Apr 2026, 13:01 UTC UbuntuLinuxsecurity 86% similarity 72.8

Article Content

Browse articles
ThreatCluster

A critical vulnerability (CVE-2026-24049) has been identified in the 'wheel' command-line tool used in Ubuntu 24.04 LTS and its derivatives. This flaw allows attackers to execute arbitrary code by tricking users or automated systems into opening specially crafted files. The vulnerability arises from improper handling of certain file paths within the 'wheel' package. Users of Ubuntu 24.04 LTS are urged to update their systems to the patched versions of the affected packages. The issue was publicly disclosed on January 22, 2026, with a proof of concept released shortly after on February 5, 2026. The vulnerability poses a significant risk as it can lead to unauthorized code execution under the user's login context. Affected package versions include python-wheel-common, python3-wheel, and python3-wheel-whl, all of which have updates available through Ubuntu Pro. A standard system update is recommended to mitigate this risk.

Key Points: • CVE-2026-24049 allows arbitrary code execution via crafted wheel files. • Affected systems include Ubuntu 24.04 LTS and its derivatives. • Users should update to patched versions of the wheel package immediately.

ThreatCluster AI

Timeline

2026-01-22
CVE-2026-24049 published
2026-02-05
First public PoC for CVE-2026-24049 released
2026-04-29
Critical vulnerability reported in Ubuntu 24.04 LTS

Community

Browse all →