CVE-2026-41651 – PackageKit
CVSS 8.8
IMPORTANT
“A trusted system service became a fast track to full system control.”
PackageKit patched a high-severity vulnerability that allowed local attackers to escalate privileges through improper authorization handling. The flaw could be exploited to gain elevated system access, effectively bypassing standard permission controls and exposing the host to full compromise. CVE-2026-41651 has a CVSS score of 8.8, which is High severity.
Proof-of-concept code is publicly available, increasing the likelihood of exploitation in real environments. Systems that rely on PackageKit for software management are especially exposed, as the vulnerability sits in a core service often running with elevated privileges.
Key Details
- Affected Product
- Packagekit Project Packagekit
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-367
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.