A serious security vulnerability has recently been discovered in PackageKit, a widely used component in many Linux distributions. The vulnerability, tracked as CVE-2026-41651 and commonly referred to as “Pack2TheRoot”, allows local users to gain root privileges under certain conditions.
This issue is considered highly critical for system administrators, hosting providers and anyone running Linux systems.
---
1. What is PackageKit?
PackageKit is a system service used on many Linux distributions to manage software installation, updates and removal. It acts as a D-Bus abstraction layer, allowing applications to interact with the package manager in a unified way.
It is commonly used in:
- Desktop environments (GNOME, KDE)
- Software centers
- Some server management tools
2. Overview of the Vulnerability
The vulnerability affects PackageKit versions:
- 1.0.2 up to 1.3.4