The Qualys Threat Research Unit has identified a Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04…

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

Qualys Threat Research Unit has disclosed CVE-2026-3888, a local privilege escalation vulnerability in Ubuntu Desktop 24.04 and later. The flaw exploits an interaction between snap-confine (a setuid root binary) and systemd-tmpfiles: after a 10–30 day cleanup cycle deletes the /tmp/.snap directory, an attacker can recreate it with malicious payloads, which snap-confine then bind-mounts as root during sandbox initialization. The vulnerability carries a CVSS v3.1 score of 7.8 (High). Affected snapd versions span Ubuntu 24.04 LTS through upstream snapd pre-2.75. Patches are available and immediate upgrade is recommended. A secondary finding also identified a race condition in the uutils coreutils rm utility on Ubuntu 25.10, which was mitigated before release by reverting to GNU coreutils.

CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root

What is the attack surface for CVE-2026-3888?

Secondary Finding: Vulnerability in Ubuntu 25.10 uutils Coreutils

Qualys QID Coverage for Detecting the CVE-2026-3888:

Discover Vulnerable Assets with Qualys CyberSecurity Asset Management

Enhancing Your Security Posture with Qualys VMDR to Detect and Remediate the CVE-2026-3888 Vulnerability

Automatically Patch CVE-2026-3888 with Qualys Patch Management