PROBABLYPWNED
Vulnerabilities | April 24, 2026

Pack2TheRoot: 12-Year-Old PackageKit Bug Grants Root on Linux

CVE-2026-41651 lets any local user gain root privileges on Ubuntu, Debian, and Fedora via a TOCTOU race in PackageKit. Patch to version 1.3.5 immediately.

Marcus Chen

A privilege escalation vulnerability lurking in Linux distributions since November 2014 now has a public name: Pack2TheRoot. Tracked as CVE-2026-41651, the flaw allows any local unprivileged user to silently install or remove system packages and escalate to full root access.

The Deutsche Telekom Red Team discovered and reported the vulnerability, which carries a CVSS score of 8.8. PackageKit version 1.3.5 addresses the issue, and major distributions have already shipped patches.

TL;DR

  • What happened: TOCTOU race condition in PackageKit daemon bypasses Polkit authorization
  • Who's affected: Ubuntu, Debian Trixie, Fedora 43, Rocky Linux 10.1 with default PackageKit
  • Severity: CVSS 8.8 (High) - any local user can achieve root
  • Action required: Upgrade PackageKit to 1.3.5 immediately

What Is PackageKit?

PackageKit is a cross-distribution abstraction layer that handles package management tasks. Rather than calling apt, dnf, or yum directly, desktop environments and graphical installers communicate with the PackageKit daemon. This daemon mediates between user requests and the underlying package manager, theoretically enforcing authorization through Polkit.

The problem: PackageKit hasn't been enforcing that authorization correctly for over a decade.

How Pack2TheRoot Works

The vulnerability stems from a time-of-check to time-of-use (TOCTOU) race condition in the PackageKit transaction state machine. When a user requests a package operation, the daemon checks Polkit authorization at one point, then executes the transaction at another. Between those two moments, the daemon fails to lock transaction properties securely.

An attacker can exploit this gap. By manipulating transaction flags after authorization but before execution, an unprivileged user can install arbitrary packages as root—without ever entering a password.
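The check-then-use gap described above is easiest to see in a small model. The following is illustrative code added for this article, not PackageKit's implementation: the Transaction classes, the "simulate" flag, the action names and the stand-in polkit_check() policy are all constructed. The racy class evaluates authorization against a mutable flag set and re-reads those flags at execution time; the hardened class snapshots the properties it authorized, rejects later writes, and refuses to execute if the state has drifted.

```python
"""Generic model of an authorization TOCTOU in a transaction state machine.

Constructed example (not PackageKit code): a privileged daemon receives a
transaction with mutable flags, asks an authorization service whether the
caller may perform the resulting action, and later executes it.
"""

import copy
import threading


class AuthorizationError(Exception):
    pass


def polkit_check(caller_uid: int, action: str) -> bool:
    """Stand-in for a Polkit query (constructed policy): any caller may run a
    read-only query action, only root may install."""
    return action == "org.example.query" or caller_uid == 0


class RacyTransaction:
    """Vulnerable pattern: the flags evaluated at authorization time are a
    shared, mutable dict that is read again, unchecked, at execution time."""

    def __init__(self, caller_uid, action, flags):
        self.caller_uid = caller_uid
        self.action = action
        self.flags = flags            # caller-visible and never frozen
        self.authorized = False

    def authorize(self):
        # Time of check: a simulated run only needs the harmless query action.
        action = "org.example.query" if self.flags.get("simulate") else self.action
        if not polkit_check(self.caller_uid, action):
            raise AuthorizationError(action)
        self.authorized = True

    def execute(self):
        # Time of use: flags are consulted again, so a change in between
        # silently selects the privileged path with no second check.
        if not self.authorized:
            raise AuthorizationError("not authorized")
        return "simulated" if self.flags.get("simulate") else "installed as root"


class FrozenTransaction:
    """Hardened pattern: authorization takes a snapshot of the properties it
    decided on, property writes are rejected afterwards, and execution fails
    closed if the live state differs from the snapshot."""

    def __init__(self, caller_uid, action, flags):
        self.caller_uid = caller_uid
        self.action = action
        self._flags = dict(flags)     # private copy, not the caller's object
        self._lock = threading.Lock()
        self._authorized_snapshot = None

    def set_flag(self, key, value):
        with self._lock:
            if self._authorized_snapshot is not None:
                raise AuthorizationError("properties are locked after authorization")
            self._flags[key] = value

    def authorize(self):
        with self._lock:
            action = "org.example.query" if self._flags.get("simulate") else self.action
            if not polkit_check(self.caller_uid, action):
                raise AuthorizationError(action)
            self._authorized_snapshot = copy.deepcopy(self._flags)

    def execute(self):
        with self._lock:
            if self._authorized_snapshot is None or self._flags != self._authorized_snapshot:
                raise AuthorizationError("state changed since authorization")
            return "simulated" if self._flags.get("simulate") else "installed as root"


def demo_racy() -> str:
    """Unprivileged caller authorizes a simulated run, then flips the flag."""
    flags = {"simulate": True}
    tx = RacyTransaction(caller_uid=1000, action="org.example.install", flags=flags)
    tx.authorize()                    # passes: only the query action was checked
    flags["simulate"] = False         # mutation between check and use
    return tx.execute()               # -> "installed as root"


def demo_frozen() -> str:
    """Same sequence against the hardened transaction: the write is refused."""
    tx = FrozenTransaction(caller_uid=1000, action="org.example.install",
                           flags={"simulate": True})
    tx.authorize()
    try:
        tx.set_flag("simulate", False)
    except AuthorizationError:
        return "rejected"
    return tx.execute()


def demo_frozen_legitimate() -> str:
    """A simulated run that is never modified still executes normally."""
    tx = FrozenTransaction(caller_uid=1000, action="org.example.install",
                           flags={"simulate": True})
    tx.authorize()
    return tx.execute()               # -> "simulated"
```

The design point is that the authorization decision and the properties it was made about must travel together: snapshot them under a lock at check time, and treat any divergence at use time as a failed authorization rather than re-deriving the action from whatever the flags say now.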

"All distributions that come with PackageKit pre-installed and enabled out-of-the-box are vulnerable," the Deutsche Telekom researchers noted.

The flaw exists in PackageKit versions 1.0.2 through 1.3.4. That's every release shipped since November 2014.

AI-Assisted Vulnerability Discovery

One detail stands out in the disclosure: the researchers used Claude (Anthropic's AI model) to guide their investigation. After observing that pkcon install commands executed without password prompts on Fedora Workstation, they employed AI-assisted research to systematically explore the privilege escalation vector.

This continues a growing trend of security researchers augmenting traditional analysis with large language models—an approach we've seen used for both legitimate research and malicious purposes this year.

Affected Systems

Deutsche Telekom confirmed these distributions are vulnerable in their default configurations:

Distribution      Versions
Ubuntu Desktop    18.04 (EOL), 24.04.4 LTS, 26.04 LTS beta
Ubuntu Server     22.04 through 24.04 LTS
Debian            Trixie 13.4 Desktop
Rocky Linux       10.1 Desktop
Fedora            43 Desktop and Server

Any distribution shipping PackageKit 1.0.2 through 1.3.4 with the daemon enabled by default is at risk. This mirrors other recent privilege escalation disclosures affecting widely deployed system components.

Detection

Exploitation leaves traces. When the race condition triggers, the PackageKit daemon crashes with an assertion failure. System logs will contain messages referencing pk_transaction_finished_emit.

Check whether your system is vulnerable:

# Check PackageKit version (Debian/Ubuntu)
dpkg -l | grep -i packagekit

# Check PackageKit version (RHEL/Fedora)
rpm -qa | grep -i packagekit

# Verify daemon status
systemctl status packagekit

Any version below 1.3.5 requires immediate patching. While CISA hasn't yet added this CVE to the Known Exploited Vulnerabilities catalog, organizations should treat it with the same urgency as recent CISA KEV additions given the trivial exploitation requirements.
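The two checks above (installed version against the 1.3.5 fix, and journal lines mentioning pk_transaction_finished_emit) can be automated across a fleet. The script below is an added triage example written for this article, not a PackageKit project tool; the dpkg and rpm output and the journal excerpt are constructed samples, including the version strings and the log line naming the indicator, so it runs offline. On a real host you would feed it the output of the commands shown above and of journalctl -u packagekit.

```python
"""Offline triage for the PackageKit checks: version parsing, comparison
against the fixed release, and a journal scan for the crash indicator.

Constructed example written for this article; sample data is made up.
"""

import re
from typing import Dict, Iterable, List, Optional, Tuple

FIXED_VERSION = (1, 3, 5)                      # first release with the fix
INDICATOR = "pk_transaction_finished_emit"     # string named in the advisory

# Constructed sample of `dpkg -l | grep -i packagekit` on an unpatched host.
SAMPLE_DPKG = """\
ii  gir1.2-packagekitglib-1.0:amd64  1.2.8-2ubuntu1  amd64  GObject introspection data for PackageKit GLib
ii  packagekit                        1.2.8-2ubuntu1  amd64  Provides a package management service
ii  packagekit-tools                  1.2.8-2ubuntu1  amd64  Provides PackageKit command-line tools
"""

# Constructed sample of `rpm -qa | grep -i packagekit` on a patched host.
SAMPLE_RPM = """\
PackageKit-1.3.5-1.fc43.x86_64
PackageKit-glib-1.3.5-1.fc43.x86_64
PackageKit-command-not-found-1.3.5-1.fc43.x86_64
"""

# Constructed journal excerpt; the assertion line is made up for the example.
SAMPLE_JOURNAL = [
    "Apr 23 10:14:02 host PackageKit[1432]: daemon start",
    "Apr 23 10:14:31 host PackageKit[1432]: get-updates transaction /1_abcdef finished with success",
    "Apr 23 10:15:07 host PackageKit[1432]: **ERROR**: pk_transaction_finished_emit: assertion failed",
    "Apr 23 10:15:07 host systemd[1]: packagekit.service: Main process exited, code=dumped, status=6/ABRT",
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Reduce '1.2.8-2ubuntu1' or '1.3.5' to the upstream tuple (1, 2, 8).

    Distro release suffixes after the first '-' do not change the upstream
    version and are ignored for the comparison.
    """
    upstream = text.split("-", 1)[0]
    return tuple(int(p) for p in re.findall(r"\d+", upstream)[:3])


def version_from_dpkg(output: str) -> Optional[str]:
    """Version column of the installed 'packagekit' binary package in dpkg -l."""
    for line in output.splitlines():
        cols = line.split()
        if len(cols) >= 3 and cols[0] == "ii" and cols[1].split(":")[0] == "packagekit":
            return cols[2]
    return None


def version_from_rpm(output: str) -> Optional[str]:
    """Upstream version of the 'PackageKit' package in rpm -qa (NAME-VERSION-RELEASE.ARCH)."""
    m = re.search(r"^PackageKit-(\d+\.\d+\.\d+)-", output, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    """True for any installed upstream version below the fixed 1.3.5 release."""
    return parse_version(version) < FIXED_VERSION


def scan_journal(lines: Iterable[str]) -> List[str]:
    """Journal lines that reference the crash indicator from the advisory."""
    return [ln for ln in lines if INDICATOR in ln]


def triage(dpkg_output: str = "", rpm_output: str = "",
           journal: Iterable[str] = ()) -> Dict[str, object]:
    """Combine both checks into one verdict for a host."""
    version = version_from_dpkg(dpkg_output) or version_from_rpm(rpm_output)
    hits = scan_journal(journal)
    return {
        "version": version,
        "vulnerable": is_vulnerable(version) if version else None,
        "indicator_lines": hits,
        "action": ("patch" if version and is_vulnerable(version) else
                   "review logs" if hits else "none"),
    }


if __name__ == "__main__":
    print(triage(dpkg_output=SAMPLE_DPKG, journal=SAMPLE_JOURNAL))
    print(triage(rpm_output=SAMPLE_RPM))
```

A host with no PackageKit package installed returns a version of None, which the script reports rather than treating as safe; an indicator hit on an already patched host still deserves a look, since it records a crash that predates the update.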

Patching and Mitigation

PackageKit 1.3.5 fixes the TOCTOU race condition. Debian, Ubuntu, and Fedora released patched packages on April 22, 2026—the same day as public disclosure.

Update immediately:

# Debian/Ubuntu
sudo apt update && sudo apt upgrade packagekit

# Fedora
sudo dnf upgrade PackageKit

# Rocky Linux
sudo dnf upgrade PackageKit

If patching isn't immediately possible, disable the PackageKit daemon as a temporary workaround:

sudo systemctl stop packagekit
sudo systemctl disable packagekit

This breaks graphical package management tools but prevents exploitation.

Why This Matters

Pack2TheRoot represents a best-case disclosure scenario: vendor coordination worked, patches shipped before public details emerged, and full technical exploit code remains private. But the 12-year window raises uncomfortable questions about how many similar flaws persist in core system services.

Local privilege escalation isn't as flashy as remote code execution, but it remains a critical attack chain component. An attacker who gains initial access through phishing or a browser vulnerability can use Pack2TheRoot to escalate from unprivileged user to root—owning the entire system.

For organizations running Linux desktops or servers with PackageKit enabled, the priority is clear: patch now, verify package versions, and monitor for the telltale daemon crashes that indicate attempted exploitation. Follow our hacking news coverage for updates if exploitation in the wild is confirmed.
