CVE-2026-10805
Awaiting Analysis Awaiting Analysis - Queue
Local Privilege Escalation in NetworkManager dhclient Backend

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: Red Hat, Inc.

Description
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-10805
EUVD
EUVD-2026-34207
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
networkmanager networkmanager *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10805 is a local privilege escalation vulnerability found in NetworkManager's dhclient backend. It occurs when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw by triggering a script via a specially crafted MUD URL, but only if an administrator has explicitly configured NetworkManager to use dhclient. Default NetworkManager configurations are not affected.

Impact Analysis

This vulnerability allows a local attacker to escalate their privileges on the affected system. By exploiting the flaw, the attacker can execute scripts with higher privileges, potentially gaining unauthorized access or control over system resources. However, exploitation requires that NetworkManager is explicitly configured to use dhclient, which is not the default setting.

Detection Guidance

This vulnerability exists only if NetworkManager is explicitly configured to use the dhclient backend. Detection involves verifying the NetworkManager configuration to see if dhclient is in use.

Since the flaw is triggered by processing malformed Manufacturer Usage Description (MUD) URLs, monitoring for unusual or malformed MUD URL processing or script execution related to dhclient could help detect exploitation attempts.

No specific commands or detection tools are provided in the available information.

Mitigation Strategies

Immediate mitigation involves ensuring that NetworkManager is not configured to use the dhclient backend, as the default configurations are not affected by this vulnerability.

If dhclient usage is required, consider disabling or restricting local user access to prevent exploitation via crafted MUD URLs.

Applying any available patches or updates from your vendor addressing this CVE is recommended once they become available.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10805. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart