Privileged D-Bus Helper Vulnerability in Plasma Login Manager by openSUSE
CVE-2026-25710

7HIGH

Key Information:

Vendor: Kde
Status: Plasma-login-manager
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-25710?

The Plasma Login Manager from openSUSE contains a vulnerability in its privileged D-Bus helper, plasmaloginauthhelper. This vulnerability allows a compromised plasmalogin service account to execute commands that can change ownership of arbitrary files on the system. This poses a significant risk as it could lead to unauthorized access and manipulation of critical system files, potentially compromising the integrity and security of the operating system.

Affected Version(s)

plasma-login-manager 0

References

https://security.opensuse.org/2026/04/27/plasma-login-man...

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Feb 5, 2026

Credit

Matthias Gerstner of SUSE

CVE-2026-25710 Data

JSON

Kde

What is CVE-2026-25710?

Affected Version(s)

References

CVSS V4

Timeline

Credit