CVE-2026-3888

This repository contains a functional privilege escalation exploit for CVE-2026-3888, targeting a race condition in snap-confine to achieve root access. The exploit involves namespace manipulation and dynamic linker hijacking via a crafted library.

This repository provides a detailed technical analysis of CVE-2026-3888, a local privilege escalation vulnerability in Ubuntu 24.04 involving the interaction between snap-confine and systemd-tmpfiles. It includes in-depth explanations of the race condition, exploitation steps, and mitigations.

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2026-3888, targeting a TOCTOU race condition between `snap-confine` and `systemd-tmpfiles` on Ubuntu 24.04+. Two variants are provided: SUID and Capabilities, both leveraging race conditions to overwrite critical files and escalate privileges to root.

This PoC exploits a race condition in the Snap package manager (hello-world snap) to achieve local privilege escalation by symlinking a malicious shared library into a target directory. The payload executes arbitrary commands with elevated privileges upon successful exploitation.

This repository contains a bash script designed to detect and remediate CVE-2026-3888 on Ubuntu systems by checking the installed version of snapd and applying patches if necessary. It does not exploit the vulnerability but instead automates the patching process.

This repository contains a functional PoC for CVE-2026-3888, a local privilege escalation vulnerability in snapd. The exploit leverages a race condition between snap-confine and systemd-tmpfiles to recreate the /tmp/.snap directory with malicious files, leading to root privilege execution.