The Qualys Threat Research Unit has disclosed CVE-2026-3888, a local privilege escalation vulnerability affecting Ubuntu Desktop 24.04 and later. The flaw lies in the interaction between snap-confine (a setuid-root binary) and systemd-tmpfiles: once the periodic /tmp cleanup (on a 10–30 day cycle) removes the /tmp/.snap directory, an unprivileged local user can recreate it with attacker-controlled contents, and snap-confine then bind-mounts that directory as root while setting up a snap's sandbox. The vulnerability carries a CVSS v3.1 base score of 7.8 (High). Affected versions range from the snapd shipped with Ubuntu 24.04 LTS up to upstream snapd releases before 2.75. Patches are available and an immediate upgrade is recommended. A secondary finding identified a race condition in the rm utility of uutils coreutils on Ubuntu 25.10; it was mitigated before release by reverting to GNU coreutils.
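The precondition the summary describes is a /tmp/.snap that is absent (so any local user can create it) or already present but owned by someone other than root or writable by others. The following POSIX shell script is an added example, not code from Qualys or the snapd project, that audits exactly that state on a given path. It assumes GNU stat (Linux); the exit codes and the message wording are this example's own convention. It deliberately does not judge the snapd version, because Ubuntu backports fixes without bumping to the upstream 2.75 number, so the package version should be compared against the Ubuntu security notice rather than against 2.75.

```shell
#!/bin/sh
# Added example, not code from Qualys or the snapd project. Assumes GNU stat
# (Linux). Exit codes and message wording are this example's own convention.

# audit_snap_tmp_dir DIR [EXPECTED_UID]
#   0  DIR is a real directory owned by EXPECTED_UID (default 0 = root) and
#      not writable by group or others
#   1  DIR is absent: the state left behind after systemd-tmpfiles cleanup,
#      in which an unprivileged user could create it
#   2  DIR is owned by a different uid
#   3  DIR is group- or world-writable
#   4  DIR is a symbolic link rather than a directory
audit_snap_tmp_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -L "$dir" ] && return 4
    [ -d "$dir" ] || return 1
    uid=$(stat -c '%u' "$dir") || return 2
    mode=$(stat -c '%a' "$dir") || return 3
    [ "$uid" = "$want_uid" ] || return 2
    # Keep the last two (group/other) digits of the octal mode; a 2, 3, 6 or 7
    # in either position means the write bit is set for that class.
    perm=$(printf '%s' "$mode" | sed 's/.*\(..\)$/\1/')
    case "$perm" in
        [2367]?|?[2367]) return 3 ;;
    esac
    return 0
}

# describe_status CODE: human-readable verdict for an audit_snap_tmp_dir code
describe_status() {
    case "$1" in
        0) printf 'ok: directory exists, owned by expected uid, not group/world-writable\n' ;;
        1) printf 'missing: directory absent, an unprivileged user could create it\n' ;;
        2) printf 'suspect: directory owned by an unexpected uid\n' ;;
        3) printf 'suspect: directory is group- or world-writable\n' ;;
        4) printf 'suspect: path is a symbolic link\n' ;;
        *) printf 'unknown status %s\n' "$1" ;;
    esac
}

# Usage: sh audit_snap_tmp.sh /tmp/.snap   (expected owner is root, uid 0)
if [ "$#" -gt 0 ]; then
    rc=0
    audit_snap_tmp_dir "$1" 0 || rc=$?
    printf '%s: ' "$1"
    describe_status "$rc"
    exit "$rc"
fi
```

A "missing" verdict on an unpatched host is the window the advisory describes; a "suspect" verdict means the directory already exists in a state that should not be trusted and is worth preserving for investigation before the next snap launch recreates the mount.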
Table of contents
- What is the attack surface for CVE-2026-3888?
- Exploitation Mechanism
- Affected Versions & Remediation
- Technical Details
- Secondary Finding: Vulnerability in Ubuntu 25.10 uutils Coreutils
- Qualys QID Coverage for Detecting CVE-2026-3888
- Discover Vulnerable Assets with Qualys CyberSecurity Asset Management
- Enhancing Your Security Posture with Qualys VMDR to Detect and Remediate the CVE-2026-3888 Vulnerability
- Automatically Patch CVE-2026-3888 with Qualys Patch Management