CLSA-2026-1778773906

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1778773906

Upstream

CVE-2026-41651

Published

2026-05-14T18:20:07Z

Modified

2026-06-01T00:32:52.233675461Z

Summary

PackageKit: Fix of CVE-2026-41651

Details

CVE-2026-41651: fix TOCTOU race on cached transaction flags that allowed unprivileged users to install arbitrary RPM packages as root via the PackageKit D-Bus interface, leading to local privilege escalation; reject re-invocation of action methods on transactions that have left the NEW state.

References

https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1778773906.html

Affected packages

TuxCare:AlmaLinux:9.6

PackageKit

Package

Name: PackageKit
Purl: pkg:rpm/tuxcare/PackageKit?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"

PackageKit-command-not-found

Package

Name: PackageKit-command-not-found
Purl: pkg:rpm/tuxcare/PackageKit-command-not-found?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"

PackageKit-cron

Package

Name: PackageKit-cron
Purl: pkg:rpm/tuxcare/PackageKit-cron?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"

PackageKit-glib

Package

Name: PackageKit-glib
Purl: pkg:rpm/tuxcare/PackageKit-glib?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"

PackageKit-glib-devel

Package

Name: PackageKit-glib-devel
Purl: pkg:rpm/tuxcare/PackageKit-glib-devel?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"

PackageKit-gstreamer-plugin

Package

Name: PackageKit-gstreamer-plugin
Purl: pkg:rpm/tuxcare/PackageKit-gstreamer-plugin?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"

PackageKit-gtk3-module

Package

Name: PackageKit-gtk3-module
Purl: pkg:rpm/tuxcare/PackageKit-gtk3-module?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778773906.json"