CVE-2026-3888 Allows Local Users to Gain Root via Snapd
-
Qualys ☛ CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
The Qualys Threat Research Unit has identified a Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles.
-
LWN ☛ Local-privilege escalation in snapd
Qualys has discovered a local-privilege escalation (LPE) vulnerability affecting Ubuntu Desktop 24.04 and later: [...]
-
Hacker News ☛ Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level.
Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system.
-
InfoSecurity Magazine ☛ New Ubuntu Flaw Enables Local Attackers to Gain Root Access
A newly identified local privilege escalation (LPE) vulnerability has been discovered affecting default installations of Ubuntu Desktop 24.04 and later, allowing attackers to gain full root access.
The flaw, tracked as CVE-2026-3888, stems from the interaction between two core system components and was uncovered by the Qualys Threat Research Unit.
The issue arises from how snap-confine and systemd-tmpfiles operate together under certain conditions. While exploitation requires patience due to a built-in delay, the potential outcome is a complete system compromise.
-
Security Affairs ☛ CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity.
Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control of vulnerable systems.
The bug relies on a cleanup window of 10–30 days, but can ultimately lead to full system compromise. It stems from how snap-confine manages privileged execution and how systemd-tmpfiles removes old temporary files.
-
IT Pro ☛ Ubuntu vulnerability exposes enterprises to root escalation, complete system compromise
Just a week after revealing critical vulnerabilities in Linux’s AppArmor security layer, Qualys researchers are warning of a flaw affecting Ubuntu that can also allow an unprivileged user to gain full root access.
The high-severity Local Privilege Escalation vulnerability, tracked as CVE-2026-3888, affects default installations of Ubuntu Desktop 24.04 and later.
-
Ubuntu Security Flaw Lets Hackers Gain Root Control
Security researchers at Qualys have uncovered a high severity vulnerability in Ubuntu Desktop that allows local attackers to escalate privileges to root. The flaw is tied to how two core system components interact under specific timing conditions, creating a path for full system compromise.
-
Qualys discloses Ubuntu Desktop local privilege escalation vulnerability CVE-2026-3888
Security researchers at Qualys Threat Research Unit (TRU) have disclosed a local privilege escalation vulnerability affecting default installations of Ubuntu Desktop 24.04 and later.
-
Qualys Threat Research Unit Discovers Critical Vulnerability in Ubuntu Operating System - CXO Digitalpulse
March, 2026: The Qualys Threat Research Unit (TRU) today announced the discovery of a critical vulnerability, CVE-2026-3888, impacting Ubuntu
-
Ubuntu snap flaw lets local users hijack root access
Qualys has disclosed a local privilege escalation flaw in default installations of Ubuntu Desktop 24.04 and later that, under specific timing conditions, can allow an unprivileged user to gain full root access.
Tracked as CVE-2026-3888, the vulnerability stems from an interaction between snap-confine and systemd-tmpfiles on systems where Snap is installed in its standard configuration, as is typical for Ubuntu Desktop.
Qualys rated the flaw high severity, with a CVSS v3.1 score of 7.8 out of 10. The vector describes a local attack requiring low privileges and no user interaction. However, it has high attack complexity and can fully compromise confidentiality, integrity and availability.
Some more about this (a day later):
-
Heise ☛ Ubuntu: root vulnerability via snapd
A vulnerability in the default installations of Ubuntu Desktop allows attackers to gain root privileges on vulnerable systems. This allows malicious actors to fully compromise susceptible systems. Updated packages are available.
IT researchers from Qualys discovered the vulnerability. In a blog post, they explain the problem, which is based on unintended interactions between two tools with elevated privileges. "snap-confine" is intended to isolate Snap apps in a kind of sandbox and ensure security, for example by setting up private namespaces with set-user-ID (SUID) root. The "systemd-tmpfiles" service cleans up temporary files and directories older than a defined period.
-
Ubuntu Desktop vulnerable to root privilege escalation via systemd exploit
A critical vulnerability, identified as CVE-2026-3888, has been discovered in Ubuntu Desktop versions 24.04 and later, allowing local attackers to gain root privileges. The flaw, with a CVSS score of 7.8, exploits a timing issue within the systemd cleanup process, enabling an unprivileged user to escalate their access to the highest level of system control, according to a recent report by Security Affairs.
-
Ubuntu Desktop Flaw Allows Full Root Access via systemd Exploit - NewsPress India
A critical security vulnerability has been discovered in Ubuntu Desktop systems, allowing attackers to gain full root access through a flaw in systemd [...]
-
Ubuntu: Root vulnerability in snapd leaves default installations vulnerable; fixes are available
Canonical has confirmed a local privilege escalation vulnerability in snapd that could lead to root privileges on Ubuntu systems under certain conditions. The issue affects the interaction between snap-confine and systemd-tmpfiles. The vulnerability is tracked as CVE-2026-3888, and Canonical rates it as High with a CVSS score of 7.8. This is not a theoretical edge case, but a real root vulnerability on standard installations when the conditions are right.