Ubuntu's Snap Affected By Local Privilege Escalation Vulnerability
Last week it was security issues with AppArmor to worry about on Ubuntu Linux while this week a "high" rated vulnerability for Ubuntu's Snap daemon has been revealed.
CVE-2026-3888 was made public yesterday as a local privilege escalation affecting Snapd on ubuntu. Those with local user access can obtain root privileges by recreating Snap's private /tmp directory when systemd-tmpfiles is enabled. The CVE report notes:
The CVSS3 severity score puts it into the 7.8 "high" category.
The announcement of this local privilege escalation has led to updates being applied to Ubuntu 25.10 and all Ubuntu LTS releases back to Ubuntu 16.04 LTS. Ubuntu 24.04 LTS and Ubuntu 25.10 are affected out-of-the-box with the default settings while Ubuntu 22.04 LTS and older are only affected in non-default configurations.
CVE-2026-3888 was made public yesterday as a local privilege escalation affecting Snapd on ubuntu. Those with local user access can obtain root privileges by recreating Snap's private /tmp directory when systemd-tmpfiles is enabled. The CVE report notes:
"Qualys discovered that snapd incorrectly handled certain operations in the snapβs private /tmp directory. If systemd-tmpfiles is enabled to automatically clean up this directory, a local attacker could possibly use this issue to re-create the deleted directory, resulting in privilege escalation."
The CVSS3 severity score puts it into the 7.8 "high" category.
The announcement of this local privilege escalation has led to updates being applied to Ubuntu 25.10 and all Ubuntu LTS releases back to Ubuntu 16.04 LTS. Ubuntu 24.04 LTS and Ubuntu 25.10 are affected out-of-the-box with the default settings while Ubuntu 22.04 LTS and older are only affected in non-default configurations.