CVE-2026-4948

Name of the Vulnerable Software and Affected Versions firewalld (affected versions not specified)

Description A flaw exists in firewalld that allows a local unprivileged user to modify the runtime firewall state without proper authentication. This is possible due to mis-authorization of two runtime D-Bus setters: setZoneSettings2 and setPolicySettings. Exploitation of this issue leads to unauthorized changes in network security configurations. D-Bus (Desktop Bus) is a message bus system that allows communication between applications on a Linux system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.