Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

2026-03-18

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A high-severity privilege escalation vulnerability (CVE-2026-3888, CVSS 7.8) affects default Ubuntu Desktop 24.04+ installations via a timing-based exploit chain.

•The flaw exploits an unintended interaction between snap-confine (snap app sandbox manager) and systemd-tmpfiles (temporary file cleanup daemon)
•An attacker waits 10–30 days for systemd-tmpfiles to delete /tmp/.snap, then recreates the directory with malicious payloads
•When snap-confine next initializes a sandbox, it bind-mounts the attacker's files as root, enabling arbitrary code execution with full root privileges
•The attack requires low privileges and no user interaction, though high complexity due to the time-delay requirement
•Patches are available in snapd 2.73+ (Ubuntu 24.04/25.10) and 2.74.1+ (Ubuntu 26.04 Dev); a separate race condition in uutils coreutils was also mitigated by reverting Ubuntu 25.10 to GNU coreutils

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture