CVE-2026-41651 | PackageKit up to 1.3.4 src/pk-transaction.c InstallFiles toctou

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability has been found in PackageKit up to 1.3.4 and classified as problematic. This impacts the function InstallFiles of the file src/pk-transaction.c. Performing a manipulation results in time-of-check time-of-use.

This vulnerability is identified as CVE-2026-41651. The attack is only possible with local access. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-41651 | PackageKit up to 1.3.4 src/pk-transaction.c InstallFiles toctou

Post correlati

CVE-2025-43732 | Liferay Portal/DXP groupId authorization

CVE-2024-9132 | Arista Edge Threat Management up to 17.1.1 Captive Portal Script code injection

CVE-2024-9841 | OpenText ArcSight Management Center/ArcSight Platform cross site scripting (KM000035977)

CVE-2025-22828 | Apache CloudStack 4.16.x Comment access control