Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend
CVE-2026-10805

6.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Multicluster Engine For Kubernetes; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7
Vendor: CVE Published:; 4 June 2026

What is CVE-2026-10805?

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.

References

https://access.redhat.com/security/cve/CVE-2026-10805

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2484613

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Jun 4, 2026

CVE-2026-10805 Data

JSON

Red Hat

What is CVE-2026-10805?

References

CVSS V3.1

Timeline