Pack2TheRoot Flaw Lets Local Linux Users Gain Root via PackageKit

A high-severity vulnerability in the PackageKit daemon, named Pack2TheRoot (CVE-2026-41651), could allow a local Linux user to install or remove system packages with root privileges without proper authentication. The flaw affects PackageKit versions 1.0.2 through 1.3.4 and is fixed in 1.3.5; researchers warn that many distros using PackageKit could be affected. Users should upgrade to PackageKit 1.3.5, verify the installed version with commands such as dpkg -l | grep -i packagekit or rpm -qa | grep -i packagekit, and ensure the PackageKit daemon is running (systemctl status packagekit or pkmon). Patch details have not been disclosed, to aid propagation of the fix. Exploitation could crash the daemon, which makes indicators visible in logs.
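The version check described above, as an added example that is not code from the article or from the PackageKit project: it classifies a package version string against the range stated here (1.0.2 through 1.3.4 affected, 1.3.5 fixed). The function names, the package names "packagekit" (dpkg) and "PackageKit" (rpm), and the sample version strings are assumptions made for this example.

```sh
#!/bin/sh
# Classify PackageKit versions against the range on this page:
# affected 1.0.2 through 1.3.4, fixed in 1.3.5.

# "x.y.z" -> one comparable integer; fails on anything non-numeric.
pk_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    case "${1:-}${2:-}${3:-}" in ''|*[!0-9]*) return 1 ;; esac
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Prints affected | fixed | below-range | unknown for one package version string.
pk_classify() {
    v=${1#*:}          # drop a dpkg/rpm epoch such as "1:"
    v=${v%%[-+~]*}     # drop the distro revision, e.g. "-2ubuntu1"
    key=$(pk_key "$v") || { echo unknown; return 0; }
    if   [ "$key" -lt 1000002 ]; then echo below-range   # older than 1.0.2
    elif [ "$key" -le 1003004 ]; then echo affected      # 1.0.2 .. 1.3.4
    else                              echo fixed         # 1.3.5 or later
    fi
}

# Installed version from the package database, empty if not installed.
# Assumed package names: "packagekit" (dpkg), "PackageKit" (rpm).
pk_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        out=$(dpkg-query -W -f='${Version}' packagekit 2>/dev/null) || out=
    elif command -v rpm >/dev/null 2>&1; then
        out=$(rpm -q --qf '%{VERSION}' PackageKit 2>/dev/null) || out=
    else
        out=
    fi
    printf '%s\n' "$out"
}

# Constructed sample version strings, not taken from any real host.
for sample in 1.0.1 1.0.2 1.2.8-2ubuntu1 1:1.3.4-1 1.3.5 garbage; do
    printf '%-16s %s\n' "$sample" "$(pk_classify "$sample")"
done

host_ver=$(pk_installed_version)
if [ -n "$host_ver" ]; then
    echo "this host: $host_ver -> $(pk_classify "$host_ver")"
else
    echo "this host: PackageKit package not found"
fi
```

A result of "affected" is based on the upstream version number only; distributions often backport fixes without changing that number, so confirm against the distribution's own advisory for CVE-2026-41651.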
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access (BleepingComputer)
- Critical Vulnerability Exposes Linux Systems To Root-Level Takeover (LinkedIn)
- Critical Pack2TheRoot Vulnerability Let Attackers Gain Root Access or Compromise the System (CyberSecurityNews)
- 12-year-old Pack2TheRoot bug lets Linux users gain root privileges (Security Affairs)
- Pack2TheRoot Flaw Lets Root to Any Linux User — Ubuntu, Debian, Fedora at Risk (cyberkendra.com)