CVE-2026-4948

Summary

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-279: Incorrect Execution-Assigned Permissions

Workarounds

To mitigate this issue, ensure that the firewalld desktop policy is not active on systems where local unprivileged user access is a concern. If firewalld is not required, it can be disabled. Disabling firewalld may impact network services that rely on it.

To disable firewalld: sudo systemctl stop firewalld sudo systemctl disable firewalld

A system restart or service reload may be required for changes to take full effect.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References