Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3888

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Local Privilege Escalation in snapd

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

References

https://ubuntu.com/security/CVE-2026-3888 issue-trackingvdb-entry
https://ubuntu.com/security/notices/USN-8102-1 vendor-advisory
https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888 technical-descriptionvendor-advisory
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-388… media-coveragetechnical-description
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt media-coveragetechnical-description

Affected products

snapd

<2.75.1
*

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler