PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-3888 Canonical CVE debrief

CVE-2026-3888 is a local privilege escalation vulnerability in snapd on Linux systems. The vulnerability allows local attackers to gain root privileges by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects multiple versions of Ubuntu, including 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Vendor: Canonical
Product: Ubuntu 16.04 LTS
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-17
Original CVE updated: 2026-06-04
Advisory published: 2026-03-17
Advisory updated: 2026-06-04

Who should care

System administrators and users of Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS who use snapd on Linux systems.

Technical summary

The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. The weakness associated with this vulnerability is CWE-268.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by Canonical to address the vulnerability.
  • Review and adjust systemd-tmpfiles configurations to prevent exploitation.
  • Monitor systems for suspicious activity related to snapd and /tmp directory manipulation.
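
One way to start the systemd-tmpfiles review above is to list every tmpfiles.d rule that age-cleans /tmp or a path beneath it. This is an added example, not code from Canonical or from the advisory; the function name and the sample configuration are constructed, and the directories searched are the standard tmpfiles.d locations.

```python
import glob
import posixpath
import shlex

# tmpfiles.d(5) line types whose Age column makes `systemd-tmpfiles --clean`
# delete old entries below the given path.
AGED_TYPES = set("dDevqQ")

def aged_tmp_rules(conf_text):
    """Return (lineno, type, path, age) for rules that age-clean /tmp or below."""
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)      # paths may be quoted
        except ValueError:
            continue                        # malformed line, nothing to report
        if len(fields) < 6:                 # columns: Type Path Mode User Group Age
            continue
        kind = fields[0][0]                 # drop modifiers such as "!" or "+"
        path = posixpath.normpath(fields[1])
        age = fields[5]
        if kind not in AGED_TYPES or age == "-":
            continue
        if path == "/tmp" or path.startswith("/tmp/"):
            hits.append((lineno, fields[0], path, age))
    return hits

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
# constructed sample
D /tmp 1777 root root 30d
d /var/tmp 1777 root root 90d
d /tmp/example-private 0700 root root -
x /tmp/systemd-private-*
q! /tmp/cache 0755 root root 10d
"""

if __name__ == "__main__":
    # Standard tmpfiles.d search directories; override precedence between
    # them is not resolved here, every file is reported on its own.
    for d in ("/etc/tmpfiles.d", "/run/tmpfiles.d", "/usr/lib/tmpfiles.d"):
        for conf in sorted(glob.glob(d + "/*.conf")):
            with open(conf, encoding="utf-8", errors="replace") as fh:
                for lineno, kind, path, age in aged_tmp_rules(fh.read()):
                    print(f"{conf}:{lineno}: {kind} {path} age={age}")
```

A reported rule is a starting point for review against the vendor guidance, not proof that a host is affected.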

Evidence notes

Evidence from NVD and CVE.org confirms the vulnerability details and affected systems.

Official resources

CVE-2026-3888 was published on 2026-03-17T14:16:17.410Z and modified on 2026-06-04T14:43:01.973Z.