CVE-2026-10294
Deferred Deferred - Pending Action
Improper Authorization in PackageKit via Frontend-Socket Argument

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-10294
EUVD
EUVD-2026-33818
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
packagekit packagekit to 1.3.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by monitoring for unauthorized use of the SetHints D-Bus method with the frontend-socket parameter. An attacker may create symbolic links to probe arbitrary files on the system.

To detect exploitation attempts, you can check for unusual D-Bus calls to PackageKit's SetHints method, especially those involving symbolic links or unexpected socket paths.

  • Use dbus-monitor to watch for calls to the SetHints method: dbus-monitor "type='method_call',interface='org.freedesktop.PackageKit.Transaction',member='SetHints'"
  • Check for symbolic links created by unprivileged users pointing to sensitive files: find / -type l -user <unprivileged_user>
  • Audit PackageKit logs for suspicious frontend-socket parameter usage or unexpected transaction creators.
Executive Summary

This vulnerability exists in PackageKit up to version 1.3.5, specifically in the function g_file_test within the file src/pk-transaction.c. It involves manipulation of the argument frontend-socket, which leads to improper authorization.

The vulnerability can be exploited remotely, meaning an attacker does not need local access to execute the attack.

The exploit has been publicly disclosed and may be used by attackers.

Impact Analysis

The vulnerability allows improper authorization due to manipulation of the frontend-socket argument, which could enable an attacker to perform unauthorized actions remotely.

Given the CVSS scores, the impact is relatively low to moderate, with a base score of 4.3 in version 3.1, indicating limited confidentiality impact and no integrity or availability impact.

Mitigation Strategies

Immediate mitigation steps include restricting access to the PackageKit D-Bus interface to trusted users only and monitoring for suspicious activity involving the SetHints method.

Since the vulnerability arises from improper authorization and symbolic link following in g_file_test(), applying updates or patches from PackageKit that fix this issue is critical.

  • Limit PackageKit usage to privileged users and ensure proper PolicyKit rules are enforced.
  • Apply any available security patches or updates from the PackageKit project.
  • Consider disabling or restricting the SetHints D-Bus method if possible until a fix is applied.
Compliance Impact

The vulnerability in PackageKit allows unauthorized users to probe the existence of arbitrary files on the system by exploiting improper authorization and symbolic link handling. This unauthorized file probing could potentially lead to exposure of sensitive information or system configuration details.

Such unauthorized access to file existence information may impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls on access to sensitive data and system security to protect personal and health information.

However, the provided information does not explicitly state the direct impact on compliance frameworks, so the exact effect on compliance depends on the nature of the files probed and the environment in which PackageKit is used.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10294. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart