CVE-2026-3888
Local Privilege Escalation in snapd
Description
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
INFO
Published Date :
March 17, 2026, 2:16 p.m.
Last Modified :
March 18, 2026, 4:17 a.m.
Remotely Exploit :
No
Source :
[email protected]
Affected Products
The following products are affected by CVE-2026-3888
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | cc1ad9ee-3454-478d-9317-d3e869d708bc | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update the snapd package on affected systems.
- Restart the snapd service after updating.
- Verify the patch is applied successfully.
Public PoC/Exploit Available at Github
CVE-2026-3888 has a 14 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-3888.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-3888 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-3888
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
C
Linux LPE via snap-confine + systemd-tmpfiles, explained in depth
C
None
C
None
Python C
This is a script designed for deployment on ubuntu instances patching the CVE-2026-3888 exploit
Shell
This script demonstrates a race condition vulnerability in snapd that allows a local, unprivileged user to gain root privileges. The exploit works by recreating snap's private /tmp directory after it's cleaned up by systemd-tmpfiles, and tricking snap-confine into bind-mounting malicious files into the snap's sandbox.
Python
None
None
Python Shell TypeScript JavaScript Go Rust HTML EJS Svelte
try to ingest medium information
Python
None
Python C
Lobsters
Shell JavaScript HTML
Hacker News
HTML JavaScript Shell
Autoupdating readme.
Python
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-3888 vulnerability anywhere in the article.
-
The Hacker News
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a ... Read more
-
The Hacker News
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS sco ... Read more
-
CybersecurityNews
Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access
Ubuntu Desktop Systems Vulnerability A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root ... Read more
The following table lists the changes that have been made to the
CVE-2026-3888 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Mar. 18, 2026
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2026/03/18/1 -
CVE Modified by [email protected]
Mar. 18, 2026
Action Type Old Value New Value Added Reference https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root Added Reference https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt Added Reference https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888 Added Reference https://ubuntu.com/security/notices/USN-8102-1 -
New CVE Received by [email protected]
Mar. 17, 2026
Action Type Old Value New Value Added Description Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS. Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-268 Added Reference https://ubuntu.com/security/CVE-2026-3888