Red Hat Product Errata RHSA-2026:19601 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19601 - Security Advisory Overview Updated Packages Synopsis Important: PackageKit security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for PackageKit is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fix(es): PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2460604 - CVE-2026-41651 PackageKit: race condition vulnerability leads to arbitrary package installation as root CVEs CVE-2026-41651 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM PackageKit-1.2.8-8.el10_0.1.src.rpm SHA-256: 20115f881ed90b404ad2f147574b9ea125d04f7d453e91145cc2dd8d593d3eb1 x86_64 PackageKit-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: b061a8ff4de5d7f26a69469a97e42eab830eca3b1719761ff31aa68484f64df2 PackageKit-command-not-found-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: ea06b62cc1dbe68c8a9278047ee66ffb23a8bdf68daededab324f0a52408d6d0 PackageKit-command-not-found-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 79ad82361f8c5fc179b3759141fb7db7a9e43d3203cb28833b948098c134b3e5 PackageKit-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 159878949768f75c15411622cb0340e20bf21e6df55627cb8dc9c8f79dfdec78 PackageKit-debugsource-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 8dc483166e1769c776c867fec4beebdf1690fce23555694ee123b4b221aa5290 PackageKit-glib-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 79da3be663a5f701d68c26747b71acc735979a0cf3c72099650cf671660ae913 PackageKit-glib-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: f4293719a4a64c5b24f1b14b093379e78298b0aaedf652ee724616326f281195 PackageKit-gstreamer-plugin-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: f36c16abc0c44f2257e88412d07a4fd78eb0799a4d654736efb3a0b11c6f8ebe PackageKit-gstreamer-plugin-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 27a8c67b8111151a2173501f1585c4fe8731f558fd844a5e3b490287fb77c9db PackageKit-gtk3-module-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 33f17076aae9970f7baaa4de94df2bdd0d29a9029c26e49b51755be0c6327617 PackageKit-gtk3-module-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 530d8b97d8abf56a5de918b9f9e31bcd5411a066d89935406e82be56ac8814bd Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM PackageKit-1.2.8-8.el10_0.1.src.rpm SHA-256: 20115f881ed90b404ad2f147574b9ea125d04f7d453e91145cc2dd8d593d3eb1 s390x PackageKit-1.2.8-8.el10_0.1.s390x.rpm SHA-256: fd8e0ad9b946ba09ceac520244bb24d10aa5984454c6f9923f40a18cdbf5f79e PackageKit-command-not-found-1.2.8-8.el10_0.1.s390x.rpm SHA-256: bd2d3b4fe1881900a6c91190fb221cae64f0ca3d42c9baf3f9ad26825f9bad9d PackageKit-command-not-found-debuginfo-1.2.8-8.el10_0.1.s390x.rpm SHA-256: 505f26383f26f7cfcdd57e3e81116d920f82a6c5fda670082e85325974fd00a8 PackageKit-debuginfo-1.2.8-8.el10_0.1.s390x.rpm SHA-256: a1ba171edcb369cf38f21f88d3bd103590ee24e1ec4beec414f6dd8b98120b13 PackageKit-debugsource-1.2.8-8.el10_0.1.s390x.rpm SHA-256: a19f92fa4cf8383086be5cc813e5acbc28aea7d23bc1ffb4307603e83f38bfd4 PackageKit-glib-1.2.8-8.el10_0.1.s390x.rpm SHA-256: 8440e7f2062040912f55d51923aa892b4503347bdca73a4a71a1be4693378420 PackageKit-glib-debuginfo-1.2.8-8.el10_0.1.s390x.rpm SHA-256: 569716b7dd9f6cf11fbaaf8dd8d6a968469db59e43311e0815f468cdef180249 PackageKit-gstreamer-plugin-debuginfo-1.2.8-8.el10_0.1.s390x.rpm SHA-256: f1fdc3d9c7c370c0ce822acb90611fd23ce24fad761fac5b9e72821f7f140c3c PackageKit-gtk3-module-1.2.8-8.el10_0.1.s390x.rpm SHA-256: c35b783cb8f50dd506a6835bdf8653ad1b1e396012da13b23983effa41a8107b PackageKit-gtk3-module-debuginfo-1.2.8-8.el10_0.1.s390x.rpm SHA-256: 92b4fae6a1a1c219c96af4b707a05de16d16f5a93599498b89422f96dbe2d657 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM PackageKit-1.2.8-8.el10_0.1.src.rpm SHA-256: 20115f881ed90b404ad2f147574b9ea125d04f7d453e91145cc2dd8d593d3eb1 ppc64le PackageKit-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 970ebba557bc15184d809482bb6ef0d0fa9b334ded9bde3d9f7f128e683bd244 PackageKit-command-not-found-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 1473d6f37d0e19e53fe1f3879f1d418f8d1395e13eca90d57ea54b41b2c8fe7f PackageKit-command-not-found-debuginfo-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 2659a13efc99786461b554980dbdf266628305e3fa87baa727d9f17911cfc7cb PackageKit-debuginfo-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: a4449f1391437bcf254bfd0c4e63556bc1d0d1f9ffa454c84aa40afaab04a9e7 PackageKit-debugsource-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 72dfdbb16a5bd6986b5c63c9e124016a1b774ed19384e8c8a2d93145bc340eed PackageKit-glib-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: d1f324c71c2eb53252008dc4c0f4c92bb862b2d6bc5afd13cdebc67df3216799 PackageKit-glib-debuginfo-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: a93be94dc1b6a175cc0b7a31a517707b9bfe2500bd8905f6d28f846c8d88df9b PackageKit-gstreamer-plugin-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 0b5bbfaed24ff2af429d58db0891a54de8439bde6868bc1d6cf4ab8837794226 PackageKit-gstreamer-plugin-debuginfo-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: a87131dd937542f81bb087264547d7465402167eb2553b51ca8c9ee1be7ed520 PackageKit-gtk3-module-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 5b34189ec675708311683ee15e0177a313c4fc6c8de51a3803f21ca446d2a3b0 PackageKit-gtk3-module-debuginfo-1.2.8-8.el10_0.1.ppc64le.rpm SHA-256: 5a94221e6578e9a53f9fbea3a3d2198708ac55605498a4b54359d918bad512f9 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM PackageKit-1.2.8-8.el10_0.1.src.rpm SHA-256: 20115f881ed90b404ad2f147574b9ea125d04f7d453e91145cc2dd8d593d3eb1 aarch64 PackageKit-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: aaf36b98dc91e2163adfc6363939e5bec7fbe6c39c622cd7491c18853baee905 PackageKit-command-not-found-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: 009a4c928702b7f9b8c96ee4e9e04f3afe35b6e226b9022a0403956ea7e43251 PackageKit-command-not-found-debuginfo-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: 5b268ca9e8f211b5853898097eda9c948bb3682fbbf72389ae176e51809e4c3d PackageKit-debuginfo-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: 80f0469886e1678b265e7b3b8ba50f686f70fbdfc39dac1fb3e4c70ff18d716f PackageKit-debugsource-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: 0eb37dc8ca41940c964744d512960c4a3c2dd4b1133234fee47bd3627f5200f7 PackageKit-glib-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: 4aca992aec3571da87660721cf842326237b9f65546749d2d51ab312f99a9bc9 PackageKit-glib-debuginfo-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: b8130642686f2d480df5b778d73a3befa43d859bdb68e89163952f70ec7dd543 PackageKit-gstreamer-plugin-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: f5bd1090ef0be5eeffc0ae6be5f399a60b38ba16dcb53daa173b6a8ad9616d6b PackageKit-gstreamer-plugin-debuginfo-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: 9de31e6dac04d050a381785b093be4e94047cee96ffca73a8a46e31209ae422e PackageKit-gtk3-module-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: bccc16c90270bd28b15f5d4d1da3ee3db064c1f931ec9de853e65c305b00e4c4 PackageKit-gtk3-module-debuginfo-1.2.8-8.el10_0.1.aarch64.rpm SHA-256: c8c5cc902fef0f91e87b236f49aadefce3bc41adaf0ebca5f555133ee1f613f4 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 SRPM x86_64 PackageKit-command-not-found-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 79ad82361f8c5fc179b3759141fb7db7a9e43d3203cb28833b948098c134b3e5 PackageKit-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 159878949768f75c15411622cb0340e20bf21e6df55627cb8dc9c8f79dfdec78 PackageKit-debugsource-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 8dc483166e1769c776c867fec4beebdf1690fce23555694ee123b4b221aa5290 PackageKit-glib-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: f4293719a4a64c5b24f1b14b093379e78298b0aaedf652ee724616326f281195 PackageKit-glib-devel-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 8ffb6c9221c7ba8fb80feed72023ca2fdbe97e7af3933780636cd3c1f2f1e4e4 PackageKit-gstreamer-plugin-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 27a8c67b8111151a2173501f1585c4fe8731f558fd844a5e3b490287fb77c9db PackageKit-gtk3-module-debuginfo-1.2.8-8.el10_0.1.x86_64.rpm SHA-256: 530d8b97d8abf56a5de918b9f9e31bcd5411a066d89935406e82be56ac8814bd Red Hat CodeReady