HomeDescription
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.
PUBLISHED Reserved 2026-06-04 | Published 2026-06-04 | Updated 2026-06-04 | Assigner redhat
MEDIUM: 6.7CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Problem types
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Timeline
| 2026-06-04: | Reported to Red Hat. |
| 2026-06-04: | Made public. |
References
access.redhat.com/security/cve/CVE-2026-10805 vdb-entry
bugzilla.redhat.com/show_bug.cgi?id=2484613 (RHBZ#2484613) issue-tracking
cve.org (CVE-2026-10805)
nvd.nist.gov (CVE-2026-10805)
Download JSON
