snap-confine + systemd-tmpfiles = root (CVE-2026-3888)
Summary
Qualys reports a local privilege escalation in the default Ubuntu Desktop installation caused by the interaction of snap-confine and systemd-tmpfiles. The advisory details affected versions, how the cleanup of /tmp can be exploited, and notes mitigations and patches in Ubuntu 25.10; it emphasizes defensive actions for admins and developers.