CVE-2026-41163: Bubblewrap setuid mode allows unauthorized access
Summary
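Bubblewrap, a low-level sandboxing tool, has a privilege-management flaw that applies only when it is installed in setuid mode. In versions 0.11.0 up to, but not including, 0.11.2, a user can attach to bubblewrap with ptrace and control the unprivileged part of the sandbox setup phase. That gives the user arbitrary use of bubblewrap's privileged operations, including overlay mounts, which the setuid version otherwise does not allow. The issue is fixed in version 0.11.2.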
Original title
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap ...
Original description
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the "overlay mount" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2.
NVD CVSS 4.0
8.7
Vulnerability type
CWE-269
Improper Privilege Management
Published: 9 May 2026 · Updated: 28 May 2026 · First seen: 9 May 2026
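To check a host against the two conditions in the description (a version from 0.11.0 to before 0.11.2, and a setuid install), the following sketch can be used. It is an added example, not code from the advisory or from the bubblewrap project; the function names and result strings are its own, and it assumes `bwrap --version` prints `bubblewrap X.Y.Z`.

```shell
#!/bin/sh
# Added example: flag a bwrap install that matches the conditions of CVE-2026-41163.
# Function names and result strings are this example's own, not bubblewrap's.

# Turn "X.Y.Z" into one comparable integer; fail on anything non-numeric.
ver_to_int() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Affected range from the advisory: 0.11.0 <= version < 0.11.2.
# Returns 0 = in range, 1 = outside range, 2 = version could not be parsed.
version_affected() {
    v=$(ver_to_int "$1") || return 2
    [ "$v" -ge 11000 ] && [ "$v" -lt 11002 ]
}

# Classify one install. $1 = path to bwrap, $2 = version string
# (optional; read from the binary itself when omitted).
assess_bwrap() {
    path=$1
    ver=${2:-$("$path" --version 2>/dev/null | awk '{print $2; exit}')}
    rc=0
    version_affected "$ver" || rc=$?
    case $rc in
        1) echo "fixed-or-unaffected-version"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    # The advisory applies only to setuid mode; -u tests the setuid bit.
    if [ -u "$path" ]; then
        echo "AFFECTED"
        return 1
    fi
    echo "affected-version-not-setuid"
}

# Scan the bwrap found on PATH only when explicitly asked to.
if [ "${1:-}" = "--scan" ]; then
    assess_bwrap "$(command -v bwrap)"
fi
```

A result of `AFFECTED` means the binary should be upgraded to 0.11.2 or later, the version the advisory names as patched.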