CVE-2026-41651 (Pack2TheRoot) is a 12-year-old local privilege escalation in the PackageKit daemon affecting all major Linux distributions including Ubuntu, Debian, Fedora, and Rocky Linux. A public proof-of-concept is circulating. The flaw requires authenticated local access, limiting blast radius, but represents a meaningful post-exploitation escalation path in multi-user Linux environments and should be patched on an expedited basis.