UBUNTU-CVE-2026-3888
- Source
- https://ubuntu.com/security/CVE-2026-3888
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-3888.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-3888
- Upstream
- Downstream
- Related
- Published
- 2026-03-17T14:00:00Z
- Modified
- 2026-04-27T18:57:18.955337Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Ubuntu - high
- Summary
- [none]
- Details
-
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
- References
-
- https://ubuntu.com/security/CVE-2026-3888
- https://www.cve.org/CVERecord?id=CVE-2026-3888
- https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
- https://ubuntu.com/security/notices/USN-8102-1
- https://ubuntu.com/security/notices/USN-8102-2
Affected packages
Ubuntu:22.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.73+ubuntu22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.73+ubuntu22.04.1
Affected versions
2.*
2.53+21.10ubuntu1
2.54.2+22.04ubuntu1
2.54.2+22.04ubuntu2
2.54.2+22.04ubuntu3
2.54.3+git19.g868fc21+22.04
2.54.3+git26.g360067e+22.04
2.55.2+22.04
2.55.2+22.04.1
2.55.3+22.04
2.55.3+22.04ubuntu1
2.55.5+22.04
2.56.2+22.04ubuntu1
2.57.4+22.04
2.57.5+22.04
2.57.5+22.04ubuntu0.1
2.58+22.04
2.58+22.04.1
2.61.3+22.04
2.62+22.04
2.63+22.04
2.63+22.04ubuntu0.1
2.65.3+22.04
2.66.1+22.04
2.67.1+22.04
2.68.5+ubuntu22.04.1
2.71+ubuntu22.04
2.72+ubuntu22.04
2.73+ubuntu22.04
Ecosystem specific
{
"priority_reason": "Local Privilege Escalation",
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "snap-confine",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "snapd",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.73+ubuntu22.04.1"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.73+ubuntu22.04.1"
}
]
}Ubuntu:24.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.73+ubuntu24.04.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.73+ubuntu24.04.2
Affected versions
2.*
2.60.4+23.10
2.61.3+24.04
2.62+24.04build1
2.63+24.04
2.63+24.04ubuntu0.1
2.63.1+24.04
2.65.3+24.04
2.66.1+24.04
2.67.1+24.04
2.68.5+ubuntu24.04.1
2.71+ubuntu24.04
2.72+ubuntu24.04
2.73+ubuntu24.04
2.73+ubuntu24.04.1
Ecosystem specific
{
"priority_reason": "Local Privilege Escalation",
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "snap-confine",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "snapd",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.73+ubuntu24.04.2"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.73+ubuntu24.04.2"
}
]
}Ubuntu:25.10
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.73+ubuntu25.10.1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.73+ubuntu25.10.1
Affected versions
2.*
2.67.1+25.04
2.68.5+ubuntu25.10.2
2.71+ubuntu25.10
2.71.1+ubuntu25.10.1
2.72+ubuntu25.10.2
2.73+ubuntu25.10
Ecosystem specific
{
"priority_reason": "Local Privilege Escalation",
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "snap-confine",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "snapd",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.73+ubuntu25.10.1"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.73+ubuntu25.10.1"
}
]
}Ubuntu:26.04
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.74.1+ubuntu26.04.3?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.74.1+ubuntu26.04.3
Affected versions
2.*
2.71.1+ubuntu25.10.1
2.72+ubuntu26.04.1
2.73+ubuntu26.04.1
2.74+ubuntu26.04
2.74.1+ubuntu26.04
Ubuntu:Pro:16.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.61.4ubuntu0.16.04.1+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.61.4ubuntu0.16.04.1+esm2
Affected versions
1.*
1.9
1.9.1.1
1.9.2
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.5
2.0.8
2.0.9
2.0.10
2.11+0.16.04
2.12+0.16.04
2.13
2.14.2~16.04
2.15.2ubuntu1
2.16ubuntu3
2.17.1ubuntu1
2.20.1ubuntu1
2.21
2.22.2
2.22.3
2.22.6
2.23.1
2.24.1
2.25
2.26.10
2.27.5
2.28.5
2.29.4.2
2.32.3.2
2.32.9
2.33.1ubuntu2
2.34.2
2.34.2ubuntu0.1
2.37.4
2.37.4ubuntu0.1
2.38
2.39.2
2.39.2ubuntu0.2
2.40
2.42.1
2.45.1
2.45.1ubuntu0.2
2.46.1
2.47.1
2.48
2.48.3
2.54.3+16.04~esm2
2.54.3+16.04.0ubuntu0.1~esm3
2.54.3+16.04.0ubuntu0.1~esm4
2.54.3+16.04.0ubuntu0.1~esm5
2.54.3+16.04.0ubuntu0.1~esm6
2.61.4ubuntu0.16.04.1+esm1
Ecosystem specific
{
"priority_reason": "Local Privilege Escalation",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "snap-confine",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "snapd",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.61.4ubuntu0.16.04.1+esm2"
}
]
}Ubuntu:Pro:18.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.61.4ubuntu0.18.04.1+esm2?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.61.4ubuntu0.18.04.1+esm2
Affected versions
2.*
2.28.5+17.10
2.29.4.1+18.04
2.29.4.2+18.04
2.31.1+18.04
2.32+18.04~pre5
2.32+18.04~pre6
2.32+18.04
2.32.3.2+18.04
2.32.5+18.04
2.32.8+18.04
2.32.9+18.04
2.33.1+18.04ubuntu2
2.34.2+18.04
2.34.2+18.04.1
2.37.1+18.04
2.37.1.1+18.04
2.37.4+18.04
2.37.4+18.04.1
2.38+18.04
2.39.2+18.04
2.40+18.04
2.42.1+18.04
2.45.1+18.04
2.45.1+18.04.2
2.46.1+18.04
2.47.1+18.04
2.48+18.04
2.48.3+18.04
2.49.2+18.04
2.51.1+18.04
2.54.2+18.04ubuntu1
2.54.3+18.04
2.54.3+18.04.2ubuntu0.1
2.54.3+18.04.2ubuntu0.2
2.55.5+18.04
2.57.5+18.04
2.57.5+18.04ubuntu0.1
2.58+18.04
2.58+18.04.1
2.61.4ubuntu0.18.04.1+esm1
Ecosystem specific
{
"priority_reason": "Local Privilege Escalation",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "snap-confine",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "snapd",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.61.4ubuntu0.18.04.1+esm2"
}
]
}Ubuntu:Pro:20.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd@2.67.1+20.04ubuntu1~esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.67.1+20.04ubuntu1~esm1
Affected versions
2.*
2.41+19.10.1
2.42.1+20.04
2.43.3+git1.8109f8
2.44~pre1+20.04
2.44+20.04
2.44.2+20.04
2.44.3+20.04
2.45.1+20.04
2.45.1+20.04.2
2.46.1+20.04
2.47.1+20.04
2.48+20.04
2.48.3+20.04
2.49.2+20.04
2.51.1+20.04ubuntu2
2.54.2+20.04ubuntu2
2.54.3+20.04
2.54.3+20.04.1
2.54.3+20.04.1ubuntu0.1
2.54.3+20.04.1ubuntu0.2
2.54.3+20.04.1ubuntu0.3
2.55.5+20.04
2.57.5+20.04
2.57.5+20.04ubuntu0.1
2.58+20.04
2.58+20.04.1
2.61.3+20.04
2.62+20.04
2.63+20.04
2.63+20.04ubuntu0.1
2.65.3+20.04
2.66.1+20.04
2.67.1+20.04
Ecosystem specific
{
"priority_reason": "Local Privilege Escalation",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-snapcore-snapd-dev",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "golang-github-ubuntu-core-snappy-dev",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "snap-confine",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "snapd",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "snapd-xdg-open",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "ubuntu-core-launcher",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "ubuntu-core-snapd-units",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "ubuntu-snappy",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
},
{
"binary_name": "ubuntu-snappy-cli",
"binary_version": "2.67.1+20.04ubuntu1~esm1"
}
]
}