{"id":235906,"date":"2026-04-25T06:09:45","date_gmt":"2026-04-25T11:09:45","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/new-pack2theroot-flaw-gives-hackers-root-linux-access"},"modified":"2026-04-25T06:09:45","modified_gmt":"2026-04-25T11:09:45","slug":"new-pack2theroot-flaw-gives-hackers-root-linux-access","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/new-pack2theroot-flaw-gives-hackers-root-linux-access","title":{"rendered":"New \u2018Pack2TheRoot\u2019 flaw gives hackers root Linux access"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-pack2theroot-flaw-gives-hackers-root-linux-access2.jpg\"><\/a><\/p>\n<p>A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions.<\/p>\n<p>The flaw is identified as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-41651\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2026\u201341651<\/a> and received a high-severity rating of 8.8 out of 10. It has persisted for almost 12 years in the PackageKit daemon, a background service that manages software installation, updates, and removal across Linux systems.<\/p>\n<p>Earlier this week, some information about the vulnerability has been published, along with <a href=\"http:\/\/github.com\/PackageKit\/PackageKit\/releases\/tag\/v1.3.5\" target=\"_blank\" rel=\"nofollow noopener\">PackageKit version 1.3.5<\/a> that addresses the issue. However, technical details and a demo exploit have been not been disclosed to allow the patches to propagate.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. The flaw is identified as CVE-2026\u201341651 and received a high-severity rating of 8.8 out of 10. It has persisted for almost 12 years in the PackageKit daemon, a [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1523],"tags":[],"class_list":["post-235906","post","type-post","status-publish","format-standard","hentry","category-computing"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=235906"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235906\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=235906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=235906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=235906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}