HIGH
PackageKit
CVE published 2026-04-22
CVE-2026-41651
CVE-2026-41651 is a high-severity vulnerability in PackageKit, a D-Bus abstraction layer for package management. A local unprivileged user can exploit a TOCTOU (time-of-check to time-of-use) race condition on transaction flags to install packages as root, resulting in local privilege escalation. The vulnerability affects PackageKit versions 1.0.2 through 1.3.4 inclusive, and is patched in version 1.3 [truncated]