AI description
CVE-2026-3888 is a local privilege escalation vulnerability found in snapd on Linux systems. This flaw allows an unprivileged local attacker to gain root privileges. The vulnerability stems from an unintended interaction between two standard system components: `snap-confine`, which manages execution environments for snap applications, and `systemd-tmpfiles`, responsible for cleaning up temporary files and directories. Specifically, the issue occurs when `systemd-tmpfiles` is configured to automatically clean up snap's private `/tmp` directory. An attacker can exploit a race condition during this cleanup process to re-create the directory with malicious permissions or content before `snap-confine` utilizes it. While the exploit requires a specific time-based window, typically between 10 and 30 days, it can lead to a complete compromise of the host system. This vulnerability affects various Ubuntu versions, including 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
- Description
- Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
- Source
- security@ubuntu.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 6
- Exploitability score
- 1.1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- security@ubuntu.com
- CWE-268
- Hype score
- Not currently trending
NEW Videoo: CVE-2026-3888: Nginx-UI Backup Leak to Root Shell + CVE-2026-27944 Snap Copy-Fail Root New video covering a full Linux exploitation chain: Unauth API → Backup leak → Credential cracking → SSH → Snapd TOCTOU privesc → Root shell https://t.co/VjCTRiQlpy
@NullSecurityX
13 May 2026
5208 Impressions
13 Retweets
45 Likes
22 Bookmarks
1 Reply
1 Quote
Sorry everyone, I'm late (again) as I was taking the OSCP ! New HackTheBox walkthrough: Snapped Nginx UI CVE-2026-27944 backup extraction → bcrypt cracking → dual privesc paths (snap CVE-2026-3888 + kernel copy-fail CVE-2026-31431). Enjoy the video! https://t.co/23iQXDMVZ
@Strikoder
11 May 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-25253 2 - CVE-2026-3888 3 - CVE-2026-40372 4 - CVE-2025-59536 5 - CVE-2026-26144 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
23 Apr 2026
194 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-3888 2 - CVE-2025-31277 3 - CVE-2025-55182 4 - CVE-2026-20643 5 - CVE-2026-32746 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
19 Mar 2026
155 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes