Critical Ubuntu Snap Flaw Allows Local Privilege Escalation

Critical Ubuntu Snap Flaw Allows Local Privilege Escalation

First seen 18 Mar 2026, 00:28 UTC UbuntuSecuritybrief.AuCybersecuritynewsLinuxsecuritySecurityaffairs.Co+5 85% similarity 74.0

Article Content

Browse articles
ThreatCluster

A local privilege escalation vulnerability, tracked as CVE-2026-3888, has been identified in default installations of Ubuntu Desktop 24.04 and later. Discovered by Qualys, the flaw arises from an unintended interaction between snap-confine and systemd-tmpfiles, allowing unprivileged local users to gain full root access. The attack requires a specific timing window of 10 to 30 days for the system to delete a critical directory in /tmp, after which an attacker can recreate it with malicious content. This vulnerability has a high severity rating with a CVSS score of 7.8. Affected versions include snapd prior to 2.73+ubuntu24.04.1 for Ubuntu 24.04 LTS and earlier versions for subsequent releases. Organizations are urged to apply patches immediately to mitigate risks. Legacy Ubuntu versions are not vulnerable under default configurations but should still be updated as a precaution.

Key Points: • CVE-2026-3888 allows local users to escalate privileges to root on Ubuntu Desktop 24.04+. • The vulnerability exploits a timing issue between snap-confine and systemd-tmpfiles. • Immediate patching is recommended for affected systems to prevent exploitation.

ThreatCluster AI

Timeline

2026-03-17
CVE-2026-3888 published
2026-03-17
USN-8102-1 patch released, introducing regression
2026-03-18
USN-8102-2 patch released to fix regression

Community

Browse all →