Nixpkgs security tracker


Details of issue NIXPKGS-2026-1870

published 6 hours ago
NetworkManager: local privilege escalation via malformed MUD URLs in dhclient backend
CVE-2026-10805
6.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 6 hours ago by @LeSuisse
Activity log
  • Created suggestion
  • @LeSuisse ignored
    20 packages
    • networkmanager-ssh
    • networkmanager_strongswan
    • networkmanager-fortisslvpn
    • networkmanager-openconnect
    • kdePackages.networkmanager-qt
    • mobile-broadband-provider-info
    • python313Packages.sdbus-networkmanager
    • python314Packages.sdbus-networkmanager
    • haskellPackages.amazonka-networkmanager
    • python313Packages.mypy-boto3-networkmanager
    • python314Packages.mypy-boto3-networkmanager
    • python313Packages.types-aiobotocore-networkmanager
    • networkmanager-vpnc
    • networkmanager_dmenu
    • networkmanager-iodine
    • networkmanager-openvpn
    • networkmanager-strongswan
    • networkmanager-sstp
    • networkmanagerapplet
    • networkmanager-l2tp
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
NetworkManager: local privilege escalation via malformed MUD URLs in dhclient backend

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.

Affected products

NetworkManager
networkmanager
network-manager-applet
NetworkManager-openswan
NetworkManager-libreswan
mobile-broadband-provider-info
redhat-user-workloads/art-images
openshift4/ose-ovn-kubernetes-rhel9
openshift4/kubernetes-nmstate-rhel8-operator
openshift4/kubernetes-nmstate-rhel9-operator
openshift4/ose-ovn-kubernetes-microshift-rhel9
openshift4/ose-kubernetes-nmstate-handler-rhel8
openshift4/ose-kubernetes-nmstate-handler-rhel9
openshift4/ose-aws-cluster-api-controllers-rhel8
openshift4/ose-aws-cluster-api-controllers-rhel9
multicluster-engine/cluster-api-provider-aws-rhel9

Matching in nixpkgs

Ignored packages (20)
