VYPR
High severity7.8NVD Advisory· Published Mar 17, 2026· Updated Jun 4, 2026

CVE-2026-3888

CVE-2026-3888

Description

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*
  • Qualitor/snapdllm-create
  • Ubuntu/snapdllm-create

Patches

Vulnerability mechanics

References

6

News mentions

1