Advisory 2026-1211 - PackageKit: Vulnerability allows privilege escalation
The CTI portal is available at the following address: https://cti-portal.telekom.net/advisories/2026-1211
- Date: 2026-04-22
- Release: 2026-04-30 (UPDATE)
Operating System
- Linux
Software
- Open Source PackageKit < 1.3.5
- UPDATE 2026-04-23
- Debian Linux
- Fedora Linux
- Red Hat Enterprise Linux
- Ubuntu Linux
- UPDATE 2026-04-27
- SUSE Linux
- UPDATE 2026-04-30
- Oracle Linux
Attack
A local attacker can exploit a vulnerability in PackageKit to elevate privileges.
Description
PackageKit is a collection of tools and libraries designed to simplify software installation, update, and removal across various Linux distributions.
CVE-2026-41651
PackageKit contains a race condition. A local attacker can exploit it to install arbitrary packages as root, leading to privilege escalation.
UPDATE 2026-04-23
Proof-of-concept (PoC) code exploiting this vulnerability is publicly available on the Internet.
Recommendation
The developers provide updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://github.com/PackageKit/PackageKit/releases/tag/v1.3.5
UPDATE 2026-04-23
Debian provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.debian.org/debian-lts-announce/2026/04/msg00026.html
Fedora provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-41926fe792
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6c121b3d4c
Debian provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.debian.org/debian-security-announce/2026/msg00136.html
Fedora provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7463cd3c32
Ubuntu provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://bugs.launchpad.net/bugs/cve/2026-41651
As of this update, no fix is available for Red Hat Enterprise Linux (see the 2026-04-29 update below).
https://access.redhat.com/security/cve/cve-2026-41651
UPDATE 2026-04-27
SUSE provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://lists.suse.com/pipermail/sle-security-updates/2026-April/025643.html
UPDATE 2026-04-29
Red Hat provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://access.redhat.com/errata/RHSA-2026:11504
https://access.redhat.com/errata/RHSA-2026:11635
Ubuntu provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://ubuntu.com/security/notices/USN-8195-3
UPDATE 2026-04-30
Oracle Linux provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://linux.oracle.com/errata/ELSA-2026-11504.html
https://linux.oracle.com/errata/ELSA-2026-11635.html
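The affected-version statement above (upstream PackageKit below 1.3.5) is the one fact an administrator can check locally before the distribution advisories are applied. The following POSIX shell snippet is an added example written for this page; it is not part of the advisory or of the PackageKit project. It reads the installed package version via dpkg-query (Debian/Ubuntu, package name "packagekit") or rpm (Fedora/RHEL/SUSE/Oracle, package name "PackageKit"), strips the distribution's epoch and release suffix, and compares the remaining upstream version against 1.3.5 using GNU sort -V. Function names are the author's own. Note the caveat built into the report: distributions backport the fix without bumping the upstream version, so "below 1.3.5" means "verify the distribution advisory listed above", not "confirmed vulnerable".

```shell
#!/bin/sh
# Upstream fixed version as stated in the advisory (PackageKit < 1.3.5 affected).
PK_FIXED_VERSION="1.3.5"

# Reduce a distribution version string to its upstream part:
# drop an epoch prefix ("1:") and a Debian/RPM release suffix ("-2ubuntu1", "-3.el9").
# Example: "1:1.2.8-2ubuntu1" -> "1.2.8"
pk_upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-+].*$//'
}

# Return 0 (true) when $1 carries an upstream version strictly below PK_FIXED_VERSION.
# GNU sort -V compares per numeric component, so 1.3.10 correctly sorts after 1.3.5.
pk_is_below_fixed() {
    pk_v=$(pk_upstream_version "$1")
    [ "$pk_v" = "$PK_FIXED_VERSION" ] && return 1
    pk_first=$(printf '%s\n%s\n' "$pk_v" "$PK_FIXED_VERSION" | sort -V | head -n 1)
    [ "$pk_first" = "$pk_v" ]
}

# Print the installed PackageKit version string, or nothing if not installed.
# Package names differ: "packagekit" on Debian/Ubuntu, "PackageKit" on RPM distributions.
pk_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' packagekit 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        if rpm -q PackageKit >/dev/null 2>&1; then
            rpm -q --qf '%{VERSION}-%{RELEASE}\n' PackageKit
        fi
    fi
}

# Human-readable report. A "below fixed version" result is a prompt to check the
# distribution advisory (backported fixes keep the older upstream number), not proof
# that the host is exploitable.
pk_report() {
    pk_ver=$(pk_installed_version)
    if [ -z "$pk_ver" ]; then
        echo "PackageKit does not appear to be installed"
        return 0
    fi
    if pk_is_below_fixed "$pk_ver"; then
        echo "PackageKit $pk_ver: upstream version below $PK_FIXED_VERSION; verify the distribution advisory for a backported fix"
    else
        echo "PackageKit $pk_ver: at or above upstream fixed version $PK_FIXED_VERSION"
    fi
}

# Run the report when executed directly (assumed usage; safe to source the file instead).
[ "${PK_NO_AUTORUN:-}" = "1" ] || pk_report
```

Set PK_NO_AUTORUN=1 when sourcing the file into another script so that only the functions are defined. The comparison deliberately ignores pre-release markers such as "~rc1"; treat any such build as unpatched and consult the distribution advisory.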
Information
GitHub PackageKit Commit dated 2026-04-21
https://github.com/PackageKit/PackageKit/commit/d9cae13b326238488bf06fb5bf458cfeeaf71869
Telekom Security Blog dated 2026-04-21
https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
GitHub Security Advisory GHSA-f55j-vvr9-69xv dated 2026-04-22
https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv
Debian Security Advisory DLA-4545 dated 2026-04-23
https://lists.debian.org/debian-lts-announce/2026/04/msg00026.html
Fedora Security Advisory FEDORA-2026-41926FE792 dated 2026-04-22
https://bodhi.fedoraproject.org/updates/FEDORA-2026-41926fe792
Fedora Security Advisory FEDORA-2026-6C121B3D4C dated 2026-04-22
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6c121b3d4c
Debian Security Advisory DSA-6226 dated 2026-04-23
https://lists.debian.org/debian-security-announce/2026/msg00136.html
Fedora Security Advisory FEDORA-2026-7463CD3C32 dated 2026-04-22
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7463cd3c32
Ubuntu CVE Tracker
https://bugs.launchpad.net/bugs/cve/2026-41651
Red Hat Customer Portal
https://access.redhat.com/security/cve/cve-2026-41651
PoC dated 2026-04-22
https://github.com/Vozec/CVE-2026-41651/
SUSE Security Update SUSE-SU-2026:1619-1 dated 2026-04-24
https://lists.suse.com/pipermail/sle-security-updates/2026-April/025643.html
Red Hat Security Advisory RHSA-2026:11504 dated 2026-04-29
https://access.redhat.com/errata/RHSA-2026:11504
Red Hat Security Advisory RHSA-2026:11635 dated 2026-04-29
https://access.redhat.com/errata/RHSA-2026:11635
Ubuntu Security Notice USN-8195-3 dated 2026-04-29
https://ubuntu.com/security/notices/USN-8195-3
Oracle Linux Security Advisory ELSA-2026-11504 dated 2026-04-29
https://linux.oracle.com/errata/ELSA-2026-11504.html
Oracle Linux Security Advisory ELSA-2026-11635 dated 2026-04-30
https://linux.oracle.com/errata/ELSA-2026-11635.html
References
CVE:CVE-2026-41651
DEBIAN:DLA-4545
DEBIAN:DSA-6226
EUVD:EUVD-2026-24742
FEDORA:FEDORA-2026-41926FE792
FEDORA:FEDORA-2026-6C121B3D4C
FEDORA:FEDORA-2026-7463CD3C32
GITHUB:GHSA-F55J-VVR9-69XV
ORACLELINUX:ELSA-2026-11504
ORACLELINUX:ELSA-2026-11635
REDHAT:RHSA-2026:11504
REDHAT:RHSA-2026:11635
REDHAT-BUG:2460604
SUSE:SUSE-SU-2026:1619-1
UBUNTU:USN-8195-3
VULNAME:PACK2THEROOT
Disclaimer
*The probability of an attack is determined by the attacker's motivation, the effort required and the opportunities for an attack. The damage probability is determined by the effort needed to resolve the attack and the probable indirect consequences of an attack for business processes. Telekom Security assumes worst-case scenarios.
Copyright © 1999-2026 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.
The information contained herein has been obtained from sources believed to be reliable and trusted, or has been verified. Telekom Security accepts liability for completeness, accuracy and correctness only insofar as gross negligence or intent gives rise to liability. Any liability beyond that, in particular for possible damages resulting from the use or unusability of the information contained herein, is excluded.