CVE- 2026-3888 affects Ubuntu Desktop 24.04 and later, with Qualys researchers identifying a high-severity local privilege escalation that could allow an unprivileged attacker to gain root access via a systemd timing exploit. According to Qualys Threat Research Unit, the flaw involves a cleanup window of 10–30 days and stems from how snap-confine and systemd-tmpfiles interact to remove old temporary files.
The advisory notes that a successful exploit would enable full control of the host by manipulating the timing of the cleanup cycle and then recreating a key directory with malicious payloads during the next sandbox initialisation. The CVSS score is 7.8, signifying high severity, and the vulnerability requires local access and precise timing to achieve compromise.
The advisory also states that multiple snapd versions are affected and urges users running Ubuntu Desktop 24.04+ to update to patched releases (2.73+ or later; upstream fixes apply to versions below 2.75). A separate note mentions a timing-related issue in the uutils package that was mitigated before the Ubuntu 25.10 release.