Local Privilege Escalation Vulnerability in NetworkManager by Red Hat
CVE-2026-10805

6.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Multicluster Engine For Kubernetes; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7
Vendor: CVE Published:; 4 June 2026

What is CVE-2026-10805?

A local privilege escalation vulnerability has been identified in NetworkManager, specifically within the dhclient backend. This flaw arises when NetworkManager processes incorrectly formatted Manufacturer Usage Description (MUD) URLs. A local user may exploit this vulnerability to escalate their privileges by crafting a malicious MUD URL that triggers a script. It is important to note that this vulnerability only affects systems where an administrator has specifically configured NetworkManager to use dhclient, leaving default configurations unaffected.

References

https://access.redhat.com/security/cve/CVE-2026-10805

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2484613

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Jun 4, 2026

CVE-2026-10805 Data

JSON