
Pack2TheRoot flaw allows Linux privilege escalation


A vulnerability dubbed Pack2TheRoot, tracked as CVE-2026-41651, has been publicly disclosed. It lets an unprivileged local user gain root on affected Linux systems by installing or removing system packages without authorization. The flaw has been present for nearly 12 years. It was discovered by Deutsche Telekom's Red Team and carries a high severity rating with a CVSS score of 8.8, as reported by Security Affairs.

The Pack2TheRoot vulnerability resides in the PackageKit daemon, a package management abstraction layer used across multiple Linux distributions. Versions 1.0.2 through 1.3.4 are affected, which includes default installations of Fedora, Ubuntu, and Debian. The researchers found that, under certain configurations, an unprivileged user could have PackageKit carry out privileged operations such as "pkcon install" without being prompted for a password; because package installation runs as root, that missing authentication is what turns the flaw into a local privilege escalation.

Deutsche Telekom's team used the AI tool Claude Opus to investigate the issue further before responsibly disclosing it to the maintainers, who validated the flaw and released a fix in PackageKit version 1.3.5. With the upstream fix available, the onus is now on Linux distributions and system administrators to ship and deploy the patched packages promptly to reduce the window for exploitation.
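A quick way for an administrator to triage a fleet is to compare the installed PackageKit version against the affected range the article gives (1.0.2 through 1.3.4, fixed in 1.3.5). The script below is an added example written for this page; it is not code from the article, from Deutsche Telekom, or from the PackageKit project. It assumes an rpm-based (Fedora) or dpkg-based (Debian/Ubuntu) host, the upstream package names PackageKit and packagekit respectively, and GNU coreutils for `sort -V`.

```shell
#!/bin/sh
# Added example: classify the installed PackageKit version against the
# Pack2TheRoot (CVE-2026-41651) affected range reported in the article.
# Not part of the article or the PackageKit project.

AFFECTED_MIN="1.0.2"   # first affected upstream version (from the article)
AFFECTED_MAX="1.3.4"   # last affected upstream version (from the article)
FIXED="1.3.5"          # upstream release carrying the fix (from the article)

# version_le A B: true when A <= B in version order (GNU sort -V).
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# upstream_version PKGVER: reduce a distro package version to the upstream
# part, e.g. "1:1.2.8-2ubuntu1" or "1.2.8-2.fc40" -> "1.2.8".
# Assumption: Debian epoch "N:" prefix and "-release" suffix conventions.
upstream_version() {
    _b=${1#*:}      # drop Debian epoch if present
    _b=${_b%%-*}    # drop distro release suffix
    printf '%s\n' "$_b"
}

# classify PKGVER: prints "affected", "fixed" or "unaffected" (older than
# the affected range). Always returns 0 so it is safe under set -e.
classify() {
    _u=$(upstream_version "$1")
    if version_le "$AFFECTED_MIN" "$_u" && version_le "$_u" "$AFFECTED_MAX"; then
        echo affected
    elif version_le "$FIXED" "$_u"; then
        echo fixed
    else
        echo unaffected
    fi
}

# is_affected PKGVER: exit status 0 when the version is in the affected range.
is_affected() {
    [ "$(classify "$1")" = affected ]
}

# installed_version: print the installed PackageKit package version, trying
# rpm (Fedora) and then dpkg (Debian/Ubuntu). Returns 1 if not found.
installed_version() {
    if command -v rpm >/dev/null 2>&1; then
        _v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' PackageKit 2>/dev/null) \
            && { printf '%s\n' "$_v"; return 0; }
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        _v=$(dpkg-query -W -f='${Version}' packagekit 2>/dev/null) \
            && { printf '%s\n' "$_v"; return 0; }
    fi
    return 1
}

# report: human-readable one-line verdict for this host.
report() {
    if _pv=$(installed_version); then
        printf 'PackageKit %s: %s\n' "$_pv" "$(classify "$_pv")"
    else
        echo "PackageKit not found via rpm or dpkg; check with your distribution's tooling"
    fi
}

report
```

Treat "affected" as a prompt to check the distribution's advisory, not as proof of exposure: distributions routinely backport security fixes without bumping the upstream version number, so a host reporting 1.2.8 may already carry the fix in its package changelog. Conversely, the article notes the password-free behaviour depends on configuration, so a version in range is necessary but not sufficient for exploitability.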

Source: Security Affairs
