Critical Pack2TheRoot Vulnerability Lets Attackers Gain Root

A critical vulnerability in PackageKit allows local users to gain root access on Linux systems. This flaw affects multiple distributions and requires immediate patching. Exploitation is easy, making it a significant risk.


Original Reporting

Cyber Security News · Guru Baran

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯 Basically, a flaw in Linux lets anyone with local access become the system boss without a password.

What Happened

A serious vulnerability, known as Pack2TheRoot (CVE-2026-41651), has been disclosed by Deutsche Telekom’s Red Team. This flaw affects multiple major Linux distributions and allows any local unprivileged user to gain full root access without needing a password. The vulnerability is found in the PackageKit daemon, a widely used package management tool across various Linux systems.

Who's Affected

The vulnerability impacts several Linux distributions, including:

  • Ubuntu (Desktop and Server)
  • Debian
  • Fedora
  • Rocky Linux

This broad reach means that many systems could be at risk, especially those running default installations of these distributions.

What Data Was Exposed

While the vulnerability primarily allows for privilege escalation, it can enable attackers to silently install malicious packages or remove essential security components. This can lead to complete system compromise, affecting the integrity and availability of the system.

What You Should Do

System administrators should take immediate action to mitigate this vulnerability:

Containment

  • 1. Update PackageKit to version 1.3.5 or later, which addresses this flaw.
  • 2. Check if your system is vulnerable using these commands:
  • 3. For Debian/Ubuntu: dpkg -l | grep -i packagekit

Remediation

  • 4. For RPM-based systems: rpm -qa | grep -i packagekit
  • 5. Check the daemon status: systemctl status packagekit
  • 6. Monitor system logs for signs of exploitation, specifically looking for assertion failures in the PackageKit daemon.
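The checks listed above can be combined into one script; this is an added example, not code from the original report or from the PackageKit project. The `--check` switch, the function names, the log pattern `assert` and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not from the article or the PackageKit project.
FIXED_VERSION="1.3.5"   # fixed release named in the article

# Strip a Debian epoch ("1:") and packaging revision ("-2ubuntu1").
upstream_version() { v=${1#*:}; printf '%s\n' "${v%%-*}"; }

# Print not-installed | below-fixed | at-or-above-fixed for a package version.
classify_version() {
    up=$(upstream_version "$1")
    [ -n "$up" ] || { echo "not-installed"; return 0; }
    lowest=$(printf '%s\n%s\n' "$up" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$up" != "$FIXED_VERSION" ] && [ "$lowest" = "$up" ]; then
        echo "below-fixed"   # confirm with the distro advisory: fixes may be backported
    else
        echo "at-or-above-fixed"
    fi
}

# Installed version from whichever package manager is present.
installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' packagekit 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}' PackageKit 2>/dev/null) && printf '%s\n' "$v"
    fi
    return 0
}

# Count PackageKit log lines on stdin that mention an assertion.
# The article gives no exact message text; "assert" is an assumed pattern.
assertion_lines() { grep -i 'packagekit' | grep -ic 'assert' || true; }

# Constructed sample log lines (not real output), used to exercise the filter.
SAMPLE_LOG='host packagekitd[1234]: (constructed) assertion failed
host packagekitd[1234]: (constructed) daemon start
host otherd[99]: (constructed) assertion failed'

check_host() {
    ver=$(installed_version)
    echo "PackageKit ${ver:-none}: $(classify_version "$ver")"
    # "inactive" is normal when idle: packagekitd is started on demand over D-Bus.
    command -v systemctl >/dev/null 2>&1 &&
        echo "daemon: $(systemctl is-active packagekit 2>/dev/null)"
    command -v journalctl >/dev/null 2>&1 &&
        echo "assertion lines: $(journalctl -u packagekit --no-pager 2>/dev/null | assertion_lines)"
    return 0
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run the script with `--check` on the host being assessed. A `below-fixed` result compares only the upstream version number, so verify it against the distribution's own advisory before treating the host as unpatched.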

Technical Details

The vulnerability was discovered during research into local privilege escalation vectors, when the pkcon install command was found to execute without prompting for a password, which led to the exploit. A proof-of-concept (PoC) exists but has not been publicly disclosed at this time.

Mitigation

Distributions have released patched versions, and administrators are urged to apply these updates immediately, especially for servers exposed to the internet. Monitoring for specific log signatures can help detect attempts to exploit this vulnerability.

🔒 Pro Insight

The widespread nature of this vulnerability across major Linux distributions underscores the need for proactive patch management in enterprise environments.
