CVE-2026-10805

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-10805

Affected Products

Multicluster Engine For Kubernetes

Red Hat Enterprise Linux 10

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 9

Red Hat Jboss Enterprise Application Platform Expansion Pack

Red Hat Openshift Container Platform 4

CVE-2026-10805

Weakness Enumeration

Related Identifiers

Affected Products

References · 3