Astra Linux – Vulnerability in PackageKit

PackageKit’s apt backend mistakenly treats all local deb files as trustworthy. The apt security model is based on repository trust, not the contents of individual files. On sites where PolicyKit rules are configured, this could allow users to install malicious packages...

Updated packagekit packages fix security vulnerability

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...

MGASA-2026-0180 Updated packagekit packages fix security vulnerability

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...

ROS-20260609-73-0005

The vulnerability of the PackageKit package manager is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the system with root privileges...

RHEL 7 : PackageKit (RHSA-2026:22146)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22146 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

RockyLinux 10 : PackageKit (RLSA-2026:19141)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19141 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

SUSE CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

Linux Distros Unpatched Vulnerability : CVE-2026-10294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such...

RHSA-2026:22146 Red Hat Security Advisory: PackageKit security update

Bulletin has no description...

EUVD-2026-33818

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

DEBIAN-CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

UBUNTU-CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294

CVE-2026-10294 affects PackageKit up to 1.3.5. The vulnerable component is the API function g_file_test in src/pk-transaction.c. Manipulation of the argument frontend-socket leads to improper authorization. The issue can be exploited remotely, and the exploit has been disclosed publicly and may b...

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...