Main Vulnerability Database SB2026042340

SB2026042340 - Improper privilege management in Bubblewrap

Published: April 23, 2026

Security Bulletin ID SB2026042340

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper privilege management (CVE-ID: CVE-2026-41163)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper access control in setuid mode when handling ptrace attachment during the sandbox setup phase. A local user can attach to bubblewrap with ptrace and control the unprivileged part of the sandbox setup phase to escalate privileges.

Only installations running in setuid mode are vulnerable, and exploitation is possible in configurations that support overlayfs mounts.

Remediation

Install update from vendor's website.

References

https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp