CVE-2026-3888

Summary

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Affected Software

VendorProductVersion RangeStatus
0 < 2.75.1affected
CanonicalUbuntu 16.04 LTS2.61.4ubuntu0.16.04.1+esm2 < *unaffected
CanonicalUbuntu 18.04 LTS2.61.4ubuntu0.18.04.1+esm2 < *unaffected
CanonicalUbuntu 20.04 LTS2.67.1+20.04ubuntu1~esm1 < *unaffected
CanonicalUbuntu 22.04 LTS2.73+ubuntu22.04.1 < *unaffected
CanonicalUbuntu 24.04 LTS2.73+ubuntu24.04.2 < *unaffected

Weaknesses

  • CWE-268: CWE-268 Privilege chaining

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References