RHSA-2026:19601: Important: PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2026:19601?
The severity of RHSA-2026:19601 is classified as Important.
What vulnerabilities are addressed in RHSA-2026:19601?
RHSA-2026:19601 addresses a race condition vulnerability that allows arbitrary package installation as root, identified as CVE-2026-41651.
How do I fix RHSA-2026:19601?
To fix RHSA-2026:19601, you need to apply the security update for PackageKit as advised in the advisory.
What is PackageKit in relation to RHSA-2026:19601?
PackageKit is a D-Bus abstraction layer that facilitates secure package management through a universal API across different distributions and architectures.
What could happen if RHSA-2026:19601 is not addressed?
If RHSA-2026:19601 is not addressed, an attacker could exploit the race condition to install packages with root privileges, potentially compromising the system.