Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages. The post Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access appeared first on SecurityWeek.
An easily exploitable, high-severity vulnerability in the PackageKit cross-distro package management abstraction layer allows unprivileged users to install packages with root privileges.
Tracked as CVE-2026-41651 (CVSS score of 8.1), the flaw is described as a time-of-check time-of-use (TOCTOU) race condition on transaction flags.
Referred to as Pack2TheRoot, the bug is a combination of three issues, where caller-supplied flags are written without checking if the transaction is authorized or even when the transaction is running.
Related breach coverage
- Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months2026-04-30
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek.
- ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover2026-04-30
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek.
- Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure2026-04-29
The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it. The post Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure appeared first on SecurityWeek.
- Firefox Vulnerability Allows Tor User Fingerprinting2026-04-27
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. The post Firefox Vulnerability Allows Tor User Fingerprinting appeared first on SecurityWeek.