Browse all 4 CVE security advisories affecting PackageKit. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PackageKit serves as a centralized software package management system across Linux distributions, simplifying installation and updates. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often through improper input validation or insecure handling of package metadata. Notable security characteristics include its broad attack surface due to integration with multiple package managers and desktop environments. While no major public incidents have been widely documented, the four recorded CVEs highlight potential risks in package verification and service communication, emphasizing the need for careful input sanitization and regular security updates in package management systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41651 | PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root — PackageKitCWE-367 | 8.8 | High | 2026-04-22 |
| CVE-2020-16122 | Packagekit's apt backend lets user install untrusted local packages — packagekitCWE-269 | 8.2 | High | 2020-11-07 |
| CVE-2020-16121 | PackageKit error messages leak presence and mimetype of files to unprivileged users — PackageKitCWE-209 | 3.3 | Low | 2020-11-07 |
| CVE-2011-2515 | PackageKit 安全漏洞 — packagekit | 7.3 | - | 2019-11-27 |
This page lists every published CVE security advisory associated with PackageKit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.