CVE-2026-10805
Local Privilege Escalation in NetworkManager dhclient Backend
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| networkmanager | networkmanager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-10805 is a local privilege escalation vulnerability found in NetworkManager's dhclient backend. It occurs when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw by triggering a script via a specially crafted MUD URL, but only if an administrator has explicitly configured NetworkManager to use dhclient. Default NetworkManager configurations are not affected.
How can this vulnerability impact me? :
This vulnerability allows a local attacker to escalate their privileges on the affected system. By exploiting the flaw, the attacker can execute scripts with higher privileges, potentially gaining unauthorized access or control over system resources. However, exploitation requires that NetworkManager is explicitly configured to use dhclient, which is not the default setting.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability exists only if NetworkManager is explicitly configured to use the dhclient backend. Detection involves verifying the NetworkManager configuration to see if dhclient is in use.
Since the flaw is triggered by processing malformed Manufacturer Usage Description (MUD) URLs, monitoring for unusual or malformed MUD URL processing or script execution related to dhclient could help detect exploitation attempts.
No specific commands or detection tools are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves ensuring that NetworkManager is not configured to use the dhclient backend, as the default configurations are not affected by this vulnerability.
If dhclient usage is required, consider disabling or restricting local user access to prevent exploitation via crafted MUD URLs.
Applying any available patches or updates from your vendor addressing this CVE is recommended once they become available.