home.social
Sign in Create account

#cve2026411651 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve2026411651, aggregated by home.social.

  1. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-41651 (Pack2TheRoot)

    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #pack2theroot #cve2026411651 #packagekit #toctou

    #nttdata #zen #secdb #infosec #pack2theroot #cve2026411651
  2. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-41651 (Pack2TheRoot)

    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #pack2theroot #cve2026411651 #packagekit #toctou

    #nttdata #zen #secdb #infosec #pack2theroot #cve2026411651
  3. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-41651 (Pack2TheRoot)

    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #pack2theroot #cve2026411651 #packagekit #toctou

    #toctou #packagekit #cve2026411651 #pack2theroot #infosec #secdb