
Description

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

PUBLISHED Reserved 2026-03-26 | Published 2026-03-26 | Updated 2026-03-30 | Assigner redhat




MEDIUM: 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Default status
affected


Timeline

2026-03-26: Reported to Red Hat.
2026-03-26: Made public.

References

access.redhat.com/security/cve/CVE-2026-4897 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2451739 (RHBZ#2451739) issue-tracking

cve.org (CVE-2026-4897)

nvd.nist.gov (CVE-2026-4897)
