CVE-2026-3888
Local Privilege Escalation in snapd via /tmp Directory Cleanup
Publication date: 2026-03-17
Last updated on: 2026-03-18
Assigner: Canonical Ltd.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubuntu | snapd | up to 24.04 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-268 | Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in snapd on Linux systems. It allows a local attacker to gain root privileges by re-creating snap's private /tmp directory when systemd-tmpfiles is set to automatically clean up this directory.
The problem occurs because the cleanup process can be exploited to replace or manipulate the private /tmp directory used by snap, enabling the attacker to escalate their privileges.
How can this vulnerability impact me?
This vulnerability can allow a local attacker with limited privileges to gain full root access on affected Ubuntu systems. This means the attacker could take complete control of the system, potentially leading to unauthorized access to sensitive data, modification or deletion of files, installation of malicious software, and disruption of system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know