A newly identified local privilege escalation vulnerability, tracked as CVE-2026-3888, affects default installations of Ubuntu Desktop 24.04 and later, enabling attackers to gain full root access. According to Qualys Threat Research Unit, the issue stems from how snap-confine and systemd-tmpfiles operate together under certain conditions and is exposed by a timing-based attack chain.
Attackers exploit automated system cleanup processes to replace critical directories with malicious content, waiting for temporary file cleanup that occurs after 10–30 days, recreating a deleted directory with malicious payloads, and then triggering snap-confine to execute these files with root privileges, with no user interaction required. The vulnerability has a CVSS score of 7.8, and while it requires a timing window and some patience, the potential impact is a complete system compromise.
Users and organisations are advised to upgrade to patched versions, including Ubuntu 24.04 LTS with snapd 2.73+ubuntu24.04.2 or later, and other listed releases, as a precautionary measure.