AlmaLinux 9 : PackageKit (ALSA-2026:11504)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:11504 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

Oracle Linux 8 : PackageKit (ELSA-2026-11635)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11635 advisory. - Backport fix for CVE-2026-41651. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

AlmaLinux 8 : PackageKit (ALSA-2026:11635)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:11635 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

RHEL 9 : PackageKit (RHSA-2026:11504)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11504 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...

RockyLinux 8 : PackageKit (RLSA-2026:11635)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11635 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

RockyLinux 9 : PackageKit (RLSA-2026:11504)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11504 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...

RHEL 8 : PackageKit (RHSA-2026:11635)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11635 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...

Security update for PackageKit (important)

openSUSE security update: security update for packagekit ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20646-1 Rating: important References: bsc1262220 Cross-References: CVE-2026-41651 CVSS scores: CVE-2026-41651 SUSE : 8.8...

Oracle Linux 9 : PackageKit (ELSA-2026-11504)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11504 advisory. - Backport fix for CVE-2026-41651. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Packagekit_Project Packagekit

CVE-2026-41651 - Pack2TheRoot Vulnerability Overview CV...

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

OPENSUSE-SU-2026:20646-1 Security update for PackageKit

This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...

SUSE-SU-2026:21427-1 Security update for PackageKit

This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...

USN-8195-3: PackageKit vulnerability

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to...

USN-8195-3 packagekit vulnerability

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to...

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

Important: Red Hat Security Advisory: PackageKit security update

An update for PackageKit is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

PackageKit security update

1.1.12-8.0.1 - removed rhel-Vendor.conf.patch 1.1.12-8 - Backport fix for CVE-2026-41651. - Resolves: RHEL-170493...

ALSA-2026:11635 Important: PackageKit security update

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...