Ubuntu patches timer-based root access (CVE-2026-3888)
Ubuntu Desktop 24.04+ is patched for CVE-2026-3888, a high-severity local privilege-escalation that can occur via a timing window in systemd-tmpfiles cleanup interacting with snap-confine. An unprivileged attacker could wait for the cleanup to delete /tmp/.snap, recreate it with a payload, and have it bound as root on the next sandbox initialization. Patches are available through updated snapd versions across Ubuntu 24.04.x, 25.10.x, 26.04.x, and upstream; exploitation requires a 10–30 day window and no user interaction. The report also notes a separate race-condition in uutils coreutils that could enable root-level file operations during cron, mitigated by reverting rm to GNU coreutils in Ubuntu 25.10 and applying upstream uutils fixes. Users should apply the patched snapd updates to mitigate risk.
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit The Hacker News
- CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root Qualys
- New Ubuntu Flaw Enables Local Attackers to Gain Root Access Infosecurity Magazine
- Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access CyberSecurityNews
- Qualys Threat Research Unit Discovers Critical Vulnerability in Ubuntu Operating System CXO Digitalpulse
Reading Insights
0
3
2 min
vs 3 min read
72%
425 → 118 words
Want the full story? Read the original article
Read on The Hacker News