March, 2026: The Qualys Threat Research Unit (TRU) today announced the discovery of a critical vulnerability, CVE-2026-3888, impacting Ubuntu systems’ default installations of Desktop version 24.04 and later. The flaw allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles.
The flaw affects Ubuntu systems where Snap ecosystem is installed and enabled. snapd is the background service that manages the entire Snap ecosystem on Ubuntu. It handles discovery, installation, updates, and removal of snap packages while systemd-tmpfiles manages the lifecycle of volatile directories. Since the vulnerability can be exploited by any local user without requiring administrative privileges, it presents a significant risk, particularly in multi-user environments. While the exploit requires a specific time-based window (10–30 days), the resulting impact is a complete compromise of the host system.
The vulnerability specifically stems from how temporary directories associated with snap are managed and cleaned up. Under certain conditions, this behavior can be leveraged by an attacker to influence file system operations performed by snap-confine, enabling unauthorized access to privileged resources.
Qualys outlined the following snapd package versions that are vulnerable and advised that organizations should immediately upgrade to the listed patched releases, especially those running Ubuntu Desktop >= 24.04.
· Ubuntu 24.04 LTS: snapd versions prior to 2.73+ubuntu24.04.1
· Ubuntu 25.10 LTS: snapd versions prior to 2.73+ubuntu25.10.1
· Ubuntu 26.04 LTS (Dev): snapd versions prior to 2.74.1+ubuntu26.04.1
· Upstream snapd: versions prior to 2.75
For Detecting the CVE-2026-3888, Qualys is releasing the QID – 386810 titled as Ubuntu Snapd Local Privilege Escalation (LPE) Vulnerability.
Before Ubuntu Desktop 25.10 was released to the public, Qualys Threat Research Unit assisted Ubuntu’s security team to detect vulnerabilities. During that review, they spotted a separate flaw – uutils coreutils package (a Rust rewrite of standard GNU utilities), if exploited, could allow an attacker to delete critical files or escalate privileges to gain full control of the system.
The discovery underscores the security risks that can arise from unintended interactions between trusted system components, where standard functionality can be manipulated to bypass security boundaries.
 today announced the discovery of a critical vulnerability, CVE-2026-3888, impacting Ubuntu){kind=link}