{"id":235207,"date":"2026-04-24T13:28:00","date_gmt":"2026-04-24T17:28:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/24\/new-pack2theroot-flaw-gives-hackers-root-linux-access\/"},"modified":"2026-04-24T14:15:10","modified_gmt":"2026-04-24T18:15:10","slug":"new-pack2theroot-flaw-gives-hackers-root-linux-access","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/24\/new-pack2theroot-flaw-gives-hackers-root-linux-access\/","title":{"rendered":"New \u2018Pack2TheRoot\u2019 flaw gives hackers root Linux access"},"content":{"rendered":"

New \u2018Pack2TheRoot\u2019 flaw gives hackers root Linux access<\/a><\/p>\n

https:\/\/www.bleepingcomputer.com\/news\/security\/new-pack2theroot-flaw-gives-hackers-root-linux-access\/<\/a><\/p>\n

Publish Date: 2026-04-24 13:28:00<\/a><\/p>\n

Source Domain: www.bleepingcomputer.com<\/a><\/p>\n

\n

A new vulnerability dubbed\u00a0Pack2TheRoot could be exploited in the\u00a0PackageKit daemon to allow\u00a0local Linux users to install or remove system packages and gain root permissions.<\/p>\n

The flaw is identified as CVE-2026-41651 and received a medium-severity rating of 8.8 out of 10. It has persisted for almost 12 years in the PackageKit daemon,\u00a0a background service that manages software installation, updates, and removal across Linux systems.<\/p>\n

Earlier this week, some information about the vulnerability has been published,\u00a0along with\u00a0PackageKit version 1.3.5\u00a0that addresses the issue. However, technical details and a demo exploit have been not been disclosed to allow the patches to propagate.<\/p>\n

\"image\"<\/p>\n

An investigation from the\u00a0Deutsche Telekom Red Team\u00a0uncovered that the cause of the bug is the mechanism\u00a0PackageKit uses to handle package management requests.<\/p>\n

Specifically, the researchers found that commands like \u2018pkcon install\u2019 could execute without requiring authentication under certain conditions on a Fedora system, allowing them to install a system package.<\/p>\n

Using\u00a0the Claude Opus AI tool, they further explored the potential for exploiting this behavior and discovered CVE-2026-41651.<\/p>\n

\"RedactedRedacted PoC exploit for Pack2TheRoot<\/strong>
Source: Deutsche Telekom<\/p>\n

Impact and fixes<\/h3>\n

Deutsche Telekom’s Red Team reported their findings to Red Hat and PackageKit maintainers on April 8. They\u00a0state that it\u2019s safe to assume that all distributions that come with PackageKit pre-installed and enabled out-of-the-box are vulnerable to CVE-2026-41651.<\/p>\n

The vulnerability has been present in PackageKit\u00a0version 1.0.2, released in November 2014, and affects all versions through 1.3.4, according to the project’s security advisory.<\/p>\n

Researchers’ testing have confirmed that an attacker could exploit the the CVE-2026-41651 vulnerability in the following Linux distributions:<\/p>\n