CVE-2026-10805
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Workarounds
To prevent exploitation, ensure NetworkManager is not configured to use the dhclient backend. The default configuration on Red Hat Enterprise Linux does not enable dhclient. If a custom configuration file, such as /etc/NetworkManager/conf.d/00-dhcp.conf, contains [main] dhcp=dhclient, remove or comment out this line. After modifying the configuration, restart the NetworkManager service: sudo systemctl restart NetworkManager Warning: Restarting the NetworkManager service will temporarily disrupt network connectivity.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/security/cve/CVE-2026-10805
- https://bugzilla.redhat.com/show_bug.cgi?id=2484613
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.