CVE-2026-3888 - Vulnerability Analysis

Overview

snapd on Linux (Ubuntu 16.04 LTS to 24.04 LTS) contains a local privilege escalation caused by re-creation of snap's private /tmp directory during systemd-tmpfiles cleanup, letting local attackers gain root privileges.

Severity & Score

Impact

Local attackers can gain root privileges, fully compromising the system.

Mitigation

Update to the latest snapd version with the fix applied.

References

• https://ubuntu.com/security/notices/USN-8102-1
• http://www.openwall.com/lists/oss-security/2026/03/18/1
• https://ubuntu.com/security/CVE-2026-3888
• https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
• https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
• https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888

Social Media Activity(1 post)

/r/netsec

@_r_netsec

Apr 17, 2026

Ubtuntu 24.04+ Snapd Local Privilege Escalation (CVE-2026-3888) https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root

View original post

GitHub Repositories(6 repos)

• https://github.com/nomaisthere/CVE-2026-3888
• https://github.com/TheCyberGeek/CVE-2026-3888-snap-confine-systemd-tmpfiles-LPE
• https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
• https://github.com/netw0rk7/CVE-2026-3888-PoC
• https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher
• https://github.com/DanielTangnes/CVE-2026-3888

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner