Pack2TheRoot Vulnerability in Linux Allows Unprivileged Users Root Access
A high-severity vulnerability known as 'Pack2TheRoot' has been identified in PackageKit, the cross-distro package management system used on Linux. The flaw, tracked as CVE-2026-41651, is a time-of-check time-of-use (TOCTOU) race condition that allows unprivileged users to install packages with root privileges. It affects multiple Linux distributions, including Ubuntu, Debian, and Fedora, and has been present in PackageKit since version 0.8.1, released 14 years ago. Attackers exploit it by running transactions with corrupted flags, which leads to unauthorized root access.