HIGHCVE-2026-3888Published 2026-03-17Modified 2026-03-18CNA canonical

CVE-2026-3888: Local Privilege Escalation in snapd

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 2.61.4ubuntu0.16.04.1+esm2
Affected Products: 6

Fix available

2.61.4ubuntu0.16.04.1+esm22.61.4ubuntu0.18.04.1+esm22.67.1+20.04ubuntu1~esm12.73+ubuntu22.04.12.73+ubuntu24.04.22.75.1

Affected packages

unknown
< 2.75.1 (from 0)
Canonical / Ubuntu 16.04 LTS
Fixed in 2.61.4ubuntu0.16.04.1+esm2
Canonical / Ubuntu 18.04 LTS
Fixed in 2.61.4ubuntu0.18.04.1+esm2
Canonical / Ubuntu 20.04 LTS
Fixed in 2.67.1+20.04ubuntu1~esm1
Canonical / Ubuntu 22.04 LTS
Fixed in 2.73+ubuntu22.04.1
Canonical / Ubuntu 24.04 LTS
Fixed in 2.73+ubuntu24.04.2

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References

Metrics

Fix available