Pack2TheRoot: local privilege escalation via PackageKit
⚔️ Attack Techniques & Methods
2026-04-24, 08:34
In the linked article, researchers demonstrate that the Pack2TheRoot vulnerability (CVE-2026-41651, CVSSv3.1: 8.8) in the PackageKit daemon allows a local unprivileged user to obtain root access. The flaw is that pkcon install can install system packages without proper permission checks, which allows unauthorized installation or removal of packages and, from there, compromise of the system.
Affected versions are PackageKit from 1.0.2 to 1.3.4. Exploitation has been confirmed on distributions using apt and dnf in their default configurations. The attack requires only local access, with no elevated privileges, and results in full control of the system as root.
📎 Article: https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
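A defender-side check for the affected range stated above, as an added example that is not from the linked article or the PackageKit project: it compares the installed PackageKit version against 1.0.2 to 1.3.4. Assumptions: the range endpoints are inclusive, the package is named packagekit on dpkg systems and PackageKit on rpm systems, and all function names are illustrative.

```shell
# Added example: is the installed PackageKit in the range this page gives?
# Distro builds can carry backported fixes, so "affected" means "check the vendor advisory".
AFFECTED_MIN="1.0.2"; AFFECTED_MAX="1.3.4"   # endpoints assumed inclusive

# Strip a dpkg/rpm epoch ("1:") and distro suffix ("-2ubuntu1", "~rc1").
pk_upstream_version() {
    v=${1#*:}; v=${v%%-*}; v=${v%%[~+]*}
    printf '%s\n' "$v"
}

# Return 0 when dotted numeric version $1 <= $2 (missing fields count as 0).
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 0
}

# Print affected / not-affected / unknown for one package version string.
pk_status() {
    up=$(pk_upstream_version "$1")
    case $up in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if version_le "$AFFECTED_MIN" "$up" && version_le "$up" "$AFFECTED_MAX"
    then echo affected
    else echo not-affected
    fi
}

# Installed version via dpkg or rpm; prints nothing if PackageKit is absent.
pk_installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' packagekit 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        ver=$(rpm -q --qf '%{VERSION}' PackageKit 2>/dev/null) && printf '%s' "$ver" || true
    fi
}

installed=$(pk_installed_version)
if [ -n "$installed" ]; then
    echo "PackageKit $installed: $(pk_status "$installed")"
else
    echo "PackageKit not found via dpkg or rpm"
fi
```

Run across a fleet, the one-line output can be collected per host; anything reported as affected or unknown should be checked against the distribution's own advisory for this CVE.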