THREE critical CVEs were detected today: CVE-2026-58644, CVE-2026-25089, and CVE-2026-39808. The focus is on CVE-2026-11386, a vulnerability in the Ubuntu Pro Client that allows arbitrary code execution with root privileges, which was patched by Canonical in USN-8555-1. This vulnerability scores a CVSS of 9.0 and is significant due to its impact on a wide range of supported Ubuntu Server releases.
Attackers can exploit this vulnerability through undetected modifications in APT source files, necessitating a comprehensive system update to apply the fix. Canonical notes that while no exploitation has been confirmed, the attack complexity is rated as high. Additionally, Ubuntu version 25.10 is not patched as it has reached its end of life. Users are advised to update their systems to mitigate these risks.