CVE-2026-3888: Privilege Chaining in Snapd

CWE-268: Privilege Chaining (11 documents, 9 sources)
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 99.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 17

Description

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.1 | Impact: 6.0

Affected Packages (1 package)

Debian: snapcraft/snapd < 2.57.6-1+deb12u1+1

🔴 Vulnerability Details (3)

CVEList (2026-03-17): Local Privilege Escalation in snapd
OSV (2026-03-17): CVE-2026-3888: Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tm
GHSA (2026-03-17): GHSA-grpw-jgrw-ccqr: Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tm

🔍 Detection Rules (1)

Elastic: Potential snap-confine Privilege Escalation via CVE-2026-3888

📋 Vendor Advisories (3)

Ubuntu (2026-03-17): snapd vulnerability
Ubuntu (2026-03-17): snapd regression
Debian (2026): CVE-2026-3888: snapd - Local privilege escalation in snapd on Linux allows local attackers to get root ...

🕵️ Threat Intelligence (3)

Qualys (2026-03-17): CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root | Qualys
Qualys (2026-03-17): CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Wiz: CVE-2026-3888 Impact, Exploitability, and Mitigation Steps | Wiz