{"id":236715,"date":"2026-04-28T13:22:00","date_gmt":"2026-04-28T17:22:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/28\/pack2theroot-12-year-old-linux-packagekit-flaw-enables-full-compromise\/"},"modified":"2026-04-28T14:15:10","modified_gmt":"2026-04-28T18:15:10","slug":"pack2theroot-12-year-old-linux-packagekit-flaw-enables-full-compromise","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/28\/pack2theroot-12-year-old-linux-packagekit-flaw-enables-full-compromise\/","title":{"rendered":"Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise"},"content":{"rendered":"<p><a href=\"https:\/\/hackread.com\/pack2theroot-linux-packagekit-flaw-full-compromise\/\">Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise<\/a><\/p>\n<p><a href=\"https:\/\/hackread.com\/pack2theroot-linux-packagekit-flaw-full-compromise\/\">https:\/\/hackread.com\/pack2theroot-linux-packagekit-flaw-full-compromise\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-28 13:22:00<\/a><\/p>\n<p>Source Domain: <a href=\"hackread.com\">hackread.com<\/a><\/p>\n<p>Researchers from Deutsche Telekom\u2019s Red Team have identified a high-severity security flaw in PackageKit, the software that helps in managing packages across different Linux systems. The flaw, dubbed Pack2TheRoot and tracked as CVE-2026-41651 with CVSS 3.1: 8.8, is a serious issue as it allows an unprivileged user to gain root access on a computer.<\/p>\n<p>Pack2TheRoot was discovered in 2025 after the team noticed the \u2018pkcon install\u2019 command on Fedora Workstation functioning without a password. By using Anthropic\u2019s Claude Opus to identify a specific privilege escalation vector, they found that this flaw lies deep within the PackageKit daemon background service, which handles software installations, and could be triggered in seconds.<\/p>\n<p>\u201cThe vulnerability enables an unprivileged attacker to install or remove system packages without authorization. This can be exploited to gain full root access or compromise the system in other ways,\u201d the team explained in the blog post.<\/p>\n<h3 id=\"the-technical-exploit\" class=\"wp-block-heading\"><strong>The technical exploit<\/strong><\/h3>\n<p>According to the Red Team\u2019s research, the problem is a Time-of-Check Time-of-Use (TOCTOU) race condition located in the src\/pk-transaction.c file. It happens because of three main errors in the code of the PackageKit daemon. Firstly, the InstallFiles() function lets new instructions overwrite old ones even while a process is already running. <\/p>\n<p>Then, the system fails to block the software from moving backwards into an insecure state once instructions are corrupted. And lastly, the system waits until the very last moment to read security flags instead of checking them at the start.<\/p>\n<p>These errors, the researcher explained, can be exploited by a hacker to install their own RPM packages and run RPM scriptlets, allowing them to obtain Local Privilege Escalation (LPE). This means that an unprivileged local user can become a system administrator without authentication. <\/p>\n<p>Although this attack occurs quickly, it can still leave a trace because the PackageKit&#8230;<\/p>\n<p><a href=\"https:\/\/hackread.com\/pack2theroot-linux-packagekit-flaw-full-compromise\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise https:\/\/hackread.com\/pack2theroot-linux-packagekit-flaw-full-compromise\/ Publish Date: 2026-04-28 13:22:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":236716,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/hackread.com\/wp-content\/uploads\/2026\/04\/pack2theroot-linux-packagekit-flaw-full-compromise.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[90,31,97,89,35,71,57,27],"class_list":["post-236715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-cve","tag-exploit","tag-fedora","tag-flaw","tag-hacker","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236715"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=236715"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236715\/revisions"}],"predecessor-version":[{"id":236717,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236715\/revisions\/236717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/236716"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=236715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=236715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=236715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}