Red Hat Product Errata RHSA-2026:18031 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18031 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM PackageKit-1.2.6-1.el9_6.1.src.rpm SHA-256: f4de9c3b72cc123f3e9eb1feb8283d999a77b319e4bad8a86c10a9b6f88711ef x86_64 PackageKit-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: a45534ad085ce3eb6f6742a932fe8739063d82c8253061b6186b9815fbc84679 PackageKit-command-not-found-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 20a087bbe1d38fc1d200bc81806a251d0cbd3a11cea82e3ebe97dcc348b7490a PackageKit-command-not-found-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: 49337c689edf71f39c92e85887046bf0cedfe76e5dba751eb2a1c4b5bc229ec4 PackageKit-command-not-found-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 19f9bdc5e76560f7dc26f40a38990d846aba898bfae963e97fd2a9fed7288242 PackageKit-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: a13a55007fdef55de27a82732f37d7c15270672dbd12c8f1167c596c936028c1 PackageKit-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 805a97d9c8d98339aba45bdb8526faa15821580e669ad6a48b70f86723d5ff54 PackageKit-debugsource-1.2.6-1.el9_6.1.i686.rpm SHA-256: ef8063dd64caa2f9b2384409e16304f67c97d0c526f3020edaeecabd67500653 PackageKit-debugsource-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: cdc2590580b06320df6c5e8e6c3c3188f73a95cf572940a418e8416acea9f432 PackageKit-glib-1.2.6-1.el9_6.1.i686.rpm SHA-256: ff81eae661b240149009dc9c6be0a022b116f87f26167c9e8561ee93dedc4ac8 PackageKit-glib-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: a1c9993d0c883800c2688b89572d8e91a0719e3150d5bb4f9dd277f23124b397 PackageKit-glib-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: 3470bf2f8626e0615175c485dc7188b381ead1cf0ad5c209e83db7482791ef3c PackageKit-glib-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 3bffd2fb704ca2dc7d7dab29d493cd73a907ac2c7a53c445b1359d9b9bff6ac5 PackageKit-gstreamer-plugin-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 7140f45329a7ab4d00e052e6910f52a747a0e77398915a06a035057480640062 PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: c527d3fdec940f79c9391bf0d52c32388eeb369dd350fd0863d3e5d2eddaf1c4 PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 1cabf4b7f81984406424a7c678650385fbaf584fd8c6b2f7a13d6d1fac36b22a PackageKit-gtk3-module-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 3b7286f979395e5fa939c498faccb5f066d5b505bb7dc6f3fd2b205b3746b724 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: b2189b2fc3fba863d9f2441c6cfe355d3974815d5e5f90d4a4fbe6cec67c6242 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 29ae4ba3f9d2b08eecdcfb5861195d1fd6b9638fe762e0541268e8c2e9066fa0 Red Hat Enterprise Linux Server - AUS 9.6 SRPM PackageKit-1.2.6-1.el9_6.1.src.rpm SHA-256: f4de9c3b72cc123f3e9eb1feb8283d999a77b319e4bad8a86c10a9b6f88711ef x86_64 PackageKit-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: a45534ad085ce3eb6f6742a932fe8739063d82c8253061b6186b9815fbc84679 PackageKit-command-not-found-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 20a087bbe1d38fc1d200bc81806a251d0cbd3a11cea82e3ebe97dcc348b7490a PackageKit-command-not-found-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: 49337c689edf71f39c92e85887046bf0cedfe76e5dba751eb2a1c4b5bc229ec4 PackageKit-command-not-found-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 19f9bdc5e76560f7dc26f40a38990d846aba898bfae963e97fd2a9fed7288242 PackageKit-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: a13a55007fdef55de27a82732f37d7c15270672dbd12c8f1167c596c936028c1 PackageKit-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 805a97d9c8d98339aba45bdb8526faa15821580e669ad6a48b70f86723d5ff54 PackageKit-debugsource-1.2.6-1.el9_6.1.i686.rpm SHA-256: ef8063dd64caa2f9b2384409e16304f67c97d0c526f3020edaeecabd67500653 PackageKit-debugsource-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: cdc2590580b06320df6c5e8e6c3c3188f73a95cf572940a418e8416acea9f432 PackageKit-glib-1.2.6-1.el9_6.1.i686.rpm SHA-256: ff81eae661b240149009dc9c6be0a022b116f87f26167c9e8561ee93dedc4ac8 PackageKit-glib-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: a1c9993d0c883800c2688b89572d8e91a0719e3150d5bb4f9dd277f23124b397 PackageKit-glib-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: 3470bf2f8626e0615175c485dc7188b381ead1cf0ad5c209e83db7482791ef3c PackageKit-glib-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 3bffd2fb704ca2dc7d7dab29d493cd73a907ac2c7a53c445b1359d9b9bff6ac5 PackageKit-gstreamer-plugin-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 7140f45329a7ab4d00e052e6910f52a747a0e77398915a06a035057480640062 PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: c527d3fdec940f79c9391bf0d52c32388eeb369dd350fd0863d3e5d2eddaf1c4 PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 1cabf4b7f81984406424a7c678650385fbaf584fd8c6b2f7a13d6d1fac36b22a PackageKit-gtk3-module-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 3b7286f979395e5fa939c498faccb5f066d5b505bb7dc6f3fd2b205b3746b724 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_6.1.i686.rpm SHA-256: b2189b2fc3fba863d9f2441c6cfe355d3974815d5e5f90d4a4fbe6cec67c6242 PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_6.1.x86_64.rpm SHA-256: 29ae4ba3f9d2b08eecdcfb5861195d1fd6b9638fe762e0541268e8c2e9066fa0 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM PackageKit-1.2.6-1.el9_6.1.src.rpm SHA-256: f4de9c3b72cc123f3e9eb1feb8283d999a77b319e4bad8a86c10a9b6f88711ef s390x PackageKit-1.2.6-1.el9_6.1.s390x.rpm SHA-256: d6fdda8d7120bdd526dd455f8f20d83e73b1b5951740bfc6b5f8e212047c088b PackageKit-command-not-found-1.2.6-1.el9_6.1.s390x.rpm SHA-256: b07696ef9c1a5f048e2470a37521971add9bf922149cf2d7763e8872e95ede9e PackageKit-command-not-found-debuginfo-1.2.6-1.el9_6.1.s390x.rpm SHA-256: f02f52391523f39881f3c73a7e5a536fbac983f4f766ad852396069f84632bca PackageKit-debuginfo-1.2.6-1.el9_6.1.s390x.rpm SHA-256: f04d8000dde7aadd6bb9e09496be7c8f3e290433dda22257592dbd7c9867d584 PackageKit-debugsource-1.2.6-1.el9_6.1.s390x.rpm SHA-256: 633373592e6c15024c7ad784280d43f4b328c82986550e31e852ee8b8c4906c6 PackageKit-glib-1.2.6-1.el9_6.1.s390x.rpm SHA-256: 5a171218cf9279e08425527854d36386109d4085434293e13ba04c30e47f0aeb PackageKit-glib-debuginfo-1.2.6-1.el9_6.1.s390x.rpm SHA-256: 35c0963b7b0a149b6aca0cdba675d399734a2f613517f7ad572fc602403bb92b PackageKit-gstreamer-plugin-debuginfo-1.2.6-1.el9_6.1.s390x.rpm SHA-256: 5fdb8f26e5e9bad2c4f0c34892a5bf48f791f3f896ad322cb295f7c5ed24f940 PackageKit-gtk3-module-1.2.6-1.el9_6.1.s390x.rpm SHA-256: eea6b2693b87481eaf9799db0fcaaf14793a7827e070c9fbbc9d35487b5ba06a PackageKit-gtk3-module-debuginfo-1.2.6-1.el9_6.1.s390x.rpm SHA-256: 1f839a4d8a1fbf8ad2dae818f42865b4d32438010ff80526974f835930786d4d Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM PackageKit-1.2.6-1.el9_6.1.src.rpm SHA-256: f4de9c3b72cc123f3e9eb1feb8283d999a77b319e4bad8a86c10a9b6f88711ef ppc64le PackageKit-1.2.6-1.el9_6.1.ppc64le.rpm SHA-256: 573179f634e41239de45e8bd244f5aaba88e7c4fbc907f70a59824fd14ef909f PackageKit-command-not-found-1.2.6-1.el9_6.1.ppc64le.rpm SHA-256: 0cbecea5d82e2e9d600fdc7530e39cc8693267a5776031e769d4a4f995d804ef PackageKit-command-not-found-debuginfo-1.2.6-1.el9_6.1.ppc64le.rpm SHA-256: f6c146846493e08186614114ad247dd689341996ec488b9c834ac18c3d