TUX.RE Forum

Critical Linux Vulnerability in PackageKit – “Pack2TheRoot” Explained

A serious security vulnerability has recently been discovered in PackageKit, a widely used component in many Linux distributions. The vulnerability, tracked as CVE-2026-41651 and commonly referred to as “Pack2TheRoot”, allows local users to gain root privileges under certain conditions.

This issue is considered highly critical for system administrators, hosting providers and anyone running Linux systems.

---

1. What is PackageKit?

PackageKit is a system service used on many Linux distributions to manage software installation, updates and removal. It acts as a D-Bus abstraction layer, allowing applications to interact with the package manager in a unified way.

It is commonly used in:

• Desktop environments (GNOME, KDE)
• Software centers
• Some server management tools

---

2. Overview of the Vulnerability

The vulnerability affects PackageKit versions:

• 1.0.2 up to 1.3.4

The issue is a TOCTOU (Time-of-Check to T…login to view the rest of this post