D-Bus Abstraction Layer Vulnerability in PackageKit from Vendor PackageKit
CVE-2026-41651

CVSS score: 8.8 (HIGH)

Key Information:

Vendor: PackageKit
CVE Published: 22 April 2026

Badges: 🥇 Trended No. 1, 📈 Trended, 📈 Score: 4,180, 👾 Exploit Exists, 🟡 Public PoC, 📰 News Worthy

What is CVE-2026-41651?

CVE-2026-41651 is a serious vulnerability identified in PackageKit, the D-Bus abstraction layer for package management used across Linux distributions. Its core purpose is to provide a unified API for installing, managing, and removing software packages securely. The vulnerability stems from a time-of-check time-of-use (TOCTOU) race condition concerning transaction flags within PackageKit. This flaw allows an unprivileged local user to execute arbitrary RPM packages as the root user, escalating their privileges without needing authentication. Specifically, the compromise arises from a sequence of errors in package transaction handling that leaves transactions in a corrupted state, enabling unauthorized access to system resources.

The underlying issues include a lack of validation when overwriting transaction flags and insufficient state management for transactions, which can result in the execution of harmful scripts packaged within RPM files. This vulnerability highlights significant risks for organizations using PackageKit, as it opens the door to unauthorized administrative actions and potential exploits that could impact system integrity.

Potential impact of CVE-2026-41651

  1. Local Privilege Escalation: The vulnerability can be exploited by unprivileged users to gain root access, allowing them to execute arbitrary code with elevated permissions, potentially leading to system manipulation or compromise.

  2. Unauthorized Package Installation: Attackers could install malicious packages or execute harmful scripts that could disrupt normal system operations, leading to system instability or malware deployment.

  3. Data Integrity Risks: By gaining unauthorized access and control, attackers may alter or delete critical system files and data, posing significant risks to an organization's data integrity and security framework.

Affected Version(s)

PackageKit >= 1.0.2, <= 1.3.4
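The affected range above is the only technical fact the advisory gives a defender to act on, so here is an added example (not code from the advisory or from the PackageKit project) that tests a dotted version string against that range. The range bounds come from this page; `pk_installed_version`, which reads the daemon's version over D-Bus with `busctl`, is an assumption about the PackageKit D-Bus property names and is not exercised unless you call it.

```shell
# Affected range taken from the advisory: PackageKit >= 1.0.2, <= 1.3.4
PK_MIN=1.0.2
PK_MAX=1.3.4

# vercmp A B: prints -1, 0 or 1 as dotted version A is less than, equal
# to, or greater than B. Assumes purely numeric components (1.3.4 style);
# a missing component is treated as 0, so 1.3 equals 1.3.0.
vercmp() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# pk_affected VERSION: returns 0 (true) when VERSION lies inside the
# advisory's inclusive range, 1 otherwise.
pk_affected() {
    v="$1"
    [ "$(vercmp "$v" "$PK_MIN")" -ge 0 ] && [ "$(vercmp "$v" "$PK_MAX")" -le 0 ]
}

# pk_installed_version: assumption, not from the advisory. Reads the
# VersionMajor/VersionMinor/VersionMicro properties of the running daemon
# from the system bus and prints them as major.minor.micro.
pk_installed_version() {
    dest=org.freedesktop.PackageKit
    path=/org/freedesktop/PackageKit
    major=$(busctl --system get-property "$dest" "$path" "$dest" VersionMajor | awk '{print $2}')
    minor=$(busctl --system get-property "$dest" "$path" "$dest" VersionMinor | awk '{print $2}')
    micro=$(busctl --system get-property "$dest" "$path" "$dest" VersionMicro | awk '{print $2}')
    echo "$major.$minor.$micro"
}
```

On a host, run `pk_affected "$(pk_installed_version)" && echo "PackageKit in affected range"`; the comparison is inclusive at both ends, so 1.0.2 and 1.3.4 both report as affected while 1.3.5 does not.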

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 📰 First article discovered by BleepingComputer
  • 📈 Vulnerability started trending
  • Vulnerability published
  • Vulnerability reserved