Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Red Hat PackageKit: Unprivileged Local File Access
RHSA-2026:17560
Summary
PackageKit, a software package manager for Linux systems, has a security issue that allows unprivileged users to access sensitive files. This could potentially allow attackers to gain unauthorized access to system settings and data. Red Hat has released an update to fix this issue, and you should apply it to your system.
What to do
- Update redhat packagekit to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-command-not-found to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-command-not-found-debuginfo to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-cron to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-debuginfo to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-debugsource to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-glib to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-glib-debuginfo to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-gstreamer-plugin to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-gstreamer-plugin-debuginfo to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-gtk3-module to version 0:1.1.12-6.el8_8.1.
- Update redhat packagekit-gtk3-module-debuginfo to version 0:1.1.12-6.el8_8.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-command-not-found |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-command-not-found-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-cron |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-debugsource |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-glib |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-glib-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-gstreamer-plugin |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-gstreamer-plugin-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-gtk3-module |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_e4s:8.8::appstream | redhat | packagekit-gtk3-module-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-command-not-found |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-command-not-found-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-cron |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-debugsource |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-glib |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-glib-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-gstreamer-plugin |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-gstreamer-plugin-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-gtk3-module |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
| Red Hat:rhel_tus:8.8::appstream | redhat | packagekit-gtk3-module-debuginfo |
< 0:1.1.12-6.el8_8.1 Fix: upgrade to 0:1.1.12-6.el8_8.1
|
Original title
Red Hat Security Advisory: PackageKit security update
osv CVSS3.1
8.8
- https://access.redhat.com/errata/RHSA-2026:17560 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2460604 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_17560.... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-41651 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-41651 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-41651 Vendor Advisory
- https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb29... Third Party Advisory
- https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb29... Third Party Advisory
- https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb29... Third Party Advisory
- https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv Third Party Advisory
- https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-e... Third Party Advisory
Published: 15 May 2026 · Updated: 15 May 2026 · First seen: 15 May 2026