ГлавнаяУязвимости → CVE-2026-3888
7.8высокая

CVE-2026-3888

→ есть в БДУ: BDU:2026-03419 (на русском)
Описание (на английском; русское — в БДУ выше)

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Затрагиваемое ПО
Canonical Ubuntu linux
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-roothttps://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txthttps://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888https://ubuntu.com/security/CVE-2026-3888https://ubuntu.com/security/notices/USN-8102-1http://www.openwall.com/lists/oss-security/2026/03/18/1