Priv Escalation in snapd via /tmp Recreation (Ubuntu 16.04-24.04)
CVE-2026-3888 Published on March 17, 2026

Local Privilege Escalation in snapd
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-3888 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Privilege Chaining

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.

Exploit Probability

EPSS

0.01%

Percentile

0.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Priv Escalation in snapd via /tmp Recreation (Ubuntu 16.04-24.04)CVE-2026-3888 Published on March 17, 2026

Vulnerability Analysis

Weakness Type

Privilege Chaining

Exploit Probability

Priv Escalation in snapd via /tmp Recreation (Ubuntu 16.04-24.04)
CVE-2026-3888 Published on March 17, 2026