{"cve":{"cve_id":"CVE-2026-3888","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00383,"epss_percentile":0.29969,"epss_as_of":"2026-06-23","description":"Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.","published_at":"2026-03-17T14:02:08.475000Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-268"],"nvd_references":["https://ubuntu.com/security/CVE-2026-3888","https://ubuntu.com/security/notices/USN-8102-1","https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888","https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root","https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:30:06.761905Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"canonical","vendor_name":"Canonical","product_slug":"ubuntu-16.04-lts","product_name":"Ubuntu 16.04 LTS","version_start":"2.61.4ubuntu0.16.04.1+esm2","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:canonical:ubuntu-16.04-lts:2.61.4ubuntu0.16.04.1+esm2:*"},{"vendor_slug":"canonical","vendor_name":"Canonical","product_slug":"ubuntu-18.04-lts","product_name":"Ubuntu 18.04 LTS","version_start":"2.61.4ubuntu0.18.04.1+esm2","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:canonical:ubuntu-18.04-lts:2.61.4ubuntu0.18.04.1+esm2:*"},{"vendor_slug":"canonical","vendor_name":"Canonical","product_slug":"ubuntu-20.04-lts","product_name":"Ubuntu 20.04 LTS","version_start":"2.67.1+20.04ubuntu1~esm1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:canonical:ubuntu-20.04-lts:2.67.1+20.04ubuntu1~esm1:*"},{"vendor_slug":"canonical","vendor_name":"Canonical","product_slug":"ubuntu-22.04-lts","product_name":"Ubuntu 22.04 LTS","version_start":"2.73+ubuntu22.04.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:canonical:ubuntu-22.04-lts:2.73+ubuntu22.04.1:*"},{"vendor_slug":"canonical","vendor_name":"Canonical","product_slug":"ubuntu-24.04-lts","product_name":"Ubuntu 24.04 LTS","version_start":"2.73+ubuntu24.04.2","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:canonical:ubuntu-24.04-lts:2.73+ubuntu24.04.2:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://ubuntu.com/security/CVE-2026-3888","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://ubuntu.com/security/notices/USN-8102-1","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root","source_type":"MISC","tags":[]},{"url":"https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-03-17T14:02:08.475000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:53:49.239492Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:49.239492Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:49.239492Z","label":"CVSS score revised","source":"cvelistv5"}]}