CVE-2026-10294
Improper Authorization in PackageKit via Frontend-Socket Argument
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| packagekit | packagekit | up to and including 1.3.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects PackageKit up to and including version 1.3.5. It sits in src/pk-transaction.c, where the frontend-socket hint supplied by a client is handed to g_file_test(). Because g_file_test() follows symbolic links, a caller who controls that hint can make the daemon test paths of the caller's choosing; the advisory classifies this as improper authorization (CWE-285) together with incorrect privilege assignment (CWE-266).
The advisory classifies the issue as remotely exploitable. Note, however, that SetHints is a method on PackageKit's D-Bus interface and the symbolic links have to be planted on the target's own filesystem, so in practice the attacker is an unprivileged local user or a process with equivalent access to the host.
The exploit has been publicly disclosed and may be used by attackers.
How can this vulnerability impact me?
An attacker who can call SetHints with a crafted frontend-socket value can have the daemon test files it chooses, disclosing whether those files exist on the system without the attacker holding the rights to look at them directly.
Given the CVSS 3.1 base score of 4.3, the impact is low to moderate: limited confidentiality impact (file-existence disclosure) and no integrity or availability impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation can be detected by watching for SetHints calls to PackageKit that carry a frontend-socket hint pointing somewhere a real frontend would never put its socket. An attacker may create symbolic links to sensitive files and pass the link's path in that hint to probe whether the target exists.
To detect exploitation attempts, check for unusual D-Bus calls to PackageKit's SetHints method, especially those whose frontend-socket value is a symbolic link or an unexpected path, and for the symbolic links themselves.
- Watch the system bus for SetHints calls (PackageKit runs on the system bus, so run this as root): dbus-monitor --system "type='method_call',interface='org.freedesktop.PackageKit.Transaction',member='SetHints'"
- List symbolic links owned by an unprivileged user in the writable locations where they would be planted, together with their targets: find /tmp /var/tmp /home -type l -user <unprivileged_user> -printf '%p -> %l\n'
- Review the daemon's journal for transactions whose creator or frontend-socket value looks out of place: journalctl -u packagekit
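As an added detection example (not code from PackageKit or from the vulnerability report), the following Python script parses what `dbus-monitor --system` prints for method calls, picks out SetHints calls that carry a frontend-socket hint, and correlates each socket path with a list of symbolic links gathered separately (for instance with the find command above). The captured messages, the expected socket directories (`/run/user/` and `/tmp/`) and the symlink inventory are constructed assumptions for illustration; adapt the prefixes to what your frontends actually use.

```python
"""Flag PackageKit SetHints calls whose frontend-socket hint deserves a look.

Added example, not PackageKit code. Input is the text format dbus-monitor
prints for a method call: a header line followed by the argument block.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumption: directories where a legitimate frontend would place its socket.
ALLOWED_PREFIXES = ("/run/user/", "/tmp/")

HEADER_RE = re.compile(
    r"^method call .*?sender=(?P<sender>\S+) -> destination=(?P<dest>\S+)"
    r".*?interface=(?P<iface>[^;]+); member=(?P<member>\S+)"
)
STRING_RE = re.compile(r'^\s*string "(?P<val>.*)"$')

# Constructed capture: two SetHints calls from different senders plus an
# unrelated call, in the shape dbus-monitor prints them.
SAMPLE_CAPTURE = """\
method call time=1717200000.100000 sender=:1.57 -> destination=org.freedesktop.PackageKit serial=9 path=/3_ab12cd34; interface=org.freedesktop.PackageKit.Transaction; member=SetHints
   array [
      string "locale=en_US.UTF-8"
      string "frontend-socket=/run/user/1000/pk-frontend.sock"
   ]
method call time=1717200001.200000 sender=:1.88 -> destination=org.freedesktop.PackageKit serial=3 path=/4_ef56ab78; interface=org.freedesktop.PackageKit.Transaction; member=SetHints
   array [
      string "frontend-socket=/tmp/probe/link-to-shadow"
   ]
method call time=1717200002.300000 sender=:1.88 -> destination=org.freedesktop.PackageKit serial=4 path=/4_ef56ab78; interface=org.freedesktop.PackageKit.Transaction; member=SetHints
   array [
      string "frontend-socket=/etc/shadow"
   ]
method call time=1717200003.400000 sender=:1.88 -> destination=org.freedesktop.PackageKit serial=5 path=/4_ef56ab78; interface=org.freedesktop.PackageKit.Transaction; member=GetDetails
   array [
      string "pkgname;1.0;x86_64;fedora"
   ]
"""

# Constructed: what `find ... -type l -user <user>` reported on the host.
KNOWN_SYMLINKS = {"/tmp/probe/link-to-shadow"}


@dataclass
class SetHintsCall:
    sender: str
    hints: list[str] = field(default_factory=list)

    def frontend_socket(self) -> Optional[str]:
        for hint in self.hints:
            if hint.startswith("frontend-socket="):
                return hint.split("=", 1)[1]
        return None


def parse_dbus_monitor(text: str) -> list[SetHintsCall]:
    """Collect every SetHints call and the strings in its argument array."""
    calls: list[SetHintsCall] = []
    current: Optional[SetHintsCall] = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = None  # a new message ends the previous argument block
            if (header["iface"] == "org.freedesktop.PackageKit.Transaction"
                    and header["member"] == "SetHints"):
                current = SetHintsCall(sender=header["sender"])
                calls.append(current)
            continue
        arg = STRING_RE.match(line)
        if arg and current is not None:
            current.hints.append(arg["val"])
    return calls


def suspicious_socket(path: str, is_symlink: Optional[bool] = None) -> list[str]:
    """Reasons a frontend-socket path deserves attention (empty list if none).

    is_symlink lets the caller supply the answer from a separate inventory;
    when None, os.path.islink is asked, which does not follow the link.
    """
    reasons = []
    if not os.path.isabs(path):
        reasons.append("relative path")
    if not path.startswith(ALLOWED_PREFIXES):
        reasons.append("outside expected socket directories")
    if is_symlink is None:
        is_symlink = os.path.islink(path)
    if is_symlink:
        reasons.append("path is a symbolic link")
    return reasons


def report(text: str, known_symlinks: Optional[set[str]] = None):
    """(sender, socket path, reasons) for each SetHints call with a frontend-socket hint."""
    findings = []
    for call in parse_dbus_monitor(text):
        sock = call.frontend_socket()
        if sock is None:
            continue
        is_link = None if known_symlinks is None else sock in known_symlinks
        findings.append((call.sender, sock, suspicious_socket(sock, is_link)))
    return findings


if __name__ == "__main__":
    for sender, sock, reasons in report(SAMPLE_CAPTURE, KNOWN_SYMLINKS):
        print(f"{sender} {sock} -> {', '.join(reasons) or 'looks normal'}")
```

On a live host, feed the script the output of dbus-monitor and omit the symlink inventory so that `os.path.islink` answers for each path; the sender's unique bus name can then be mapped to a process with `busctl status <sender>` to identify the transaction creator.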
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation consists of updating PackageKit to a fixed release, restricting who can reach the PackageKit D-Bus interface to trusted users, and monitoring for suspicious use of the SetHints method in the meantime.
Since the vulnerability arises from improper authorization combined with symbolic link following in g_file_test(), applying the update or patch from the PackageKit project that fixes this issue is the only complete remedy.
- Limit PackageKit usage to trusted users and ensure the PolicyKit rules for privileged package operations are what you expect. If you need to restrict who can talk to the daemon at all, that is controlled by the D-Bus policy for the org.freedesktop.PackageKit service rather than by PolicyKit.
- Apply any available security patches or updates from the PackageKit project.
- Consider restricting the SetHints D-Bus method until a fix is applied, bearing in mind that frontends rely on it to pass ordinary hints such as the locale, so blocking it breaks normal clients and is only a stopgap.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized users to learn whether arbitrary files exist on the system by exploiting the improper authorization and symbolic link handling described above. Such file probing can expose the presence of sensitive data or reveal details of the system's configuration.
Unauthorized access to file-existence information may bear on compliance with standards and regulations like GDPR or HIPAA, which require strict controls on access to personal and health information and on the security of the systems that hold it.
However, the provided information does not explicitly state the direct impact on compliance frameworks, so the exact effect on compliance depends on the nature of the files probed and the environment in which PackageKit is used.