EXECUTIVE SUMMARY:
A local privilege escalation vulnerability, dubbed Pack2TheRoot (CVE-2026-41651), has been disclosed in the PackageKit daemon, a widely used cross-distribution package management component present in many Linux environments. The flaw allows an unprivileged local user to bypass authorization controls and install or remove system packages without permission, potentially leading to full root-level access and complete system compromise. The issue exposes systems running vulnerable builds across major Linux distributions. Exploitation is particularly dangerous in shared servers, enterprise workstations, and multi-user environments where local access is possible. Organizations are strongly advised to apply the latest security updates, review system logs for suspicious PackageKit crashes, and restrict unnecessary local user access until patches are applied. The vulnerability has a CVSS score of 8.8.
RECOMMENDATION:
We recommend updating PackageKit to version 1.3.5 or later.
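The two checks this advisory calls for, confirming PackageKit is at 1.3.5 or later and reviewing logs for PackageKit crashes, can be scripted as follows. This is an added example, not code from the advisory or the PackageKit project; the function names, the constructed sample log lines, the packagekit.service unit name and the use of systemd's abnormal-exit record as the crash signature are assumptions.

```bash
#!/usr/bin/env bash
# Added triage example (not vendor code). 1.3.5 is the fixed release the advisory names.
FIXED_VERSION="1.3.5"

# Constructed sample journal lines, used only to demonstrate the crash scan.
SAMPLE_LOG='Jan 01 10:00:01 host systemd[1]: Started PackageKit Daemon.
Jan 01 10:02:17 host systemd[1]: packagekit.service: Main process exited, code=dumped, status=11/SEGV
Jan 01 10:05:00 host systemd[1]: packagekit.service: Deactivated successfully.'

# True (exit 0) when version $1 sorts strictly before $2 (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Classify a PackageKit version string against the fixed release.
check_packagekit_version() {
    if [ -z "$1" ]; then
        echo "unknown"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "update-required"
    else
        echo "fixed-or-later"
    fi
}

# Count journal lines on stdin where systemd logged the PackageKit daemon
# dying from a core dump or signal. Assumption: the advisory gives no crash
# signature, so this matches systemd's generic abnormal-exit record.
count_packagekit_crashes() {
    grep -Ec 'packagekit\.service: Main process exited, code=(dumped|killed)' || true
}

# Live run on a host: pass --live. Assumes pkcon --version prints the version
# and that the unit is named packagekit.service.
if [ "${1:-}" = "--live" ]; then
    ver="$(pkcon --version 2>/dev/null | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n1)"
    echo "PackageKit ${ver:-not found}: $(check_packagekit_version "$ver")"
    echo "abnormal exits logged: $(journalctl -u packagekit.service --no-pager 2>/dev/null | count_packagekit_crashes)"
fi
```

Distribution packages can carry a backported fix under an older version string, so confirm an "update-required" result against the distribution's own security notice before treating the host as exposed.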
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/pack2theroot-vulnerability/