Source: network-manager
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerability was published for network-manager.

CVE-2026-10805[0]:
| A flaw was found in NetworkManager. This local privilege escalation
| vulnerability exists in NetworkManager's dhclient backend when
| processing malformed Manufacturer Usage Description (MUD) URLs. A
| local user can exploit this flaw to escalate privileges by
| triggering a script via a crafted MUD URL, provided an administrator
| has explicitly configured NetworkManager to use dhclient. This issue
| does not affect default configurations of NetworkManager.

The only reference here is https://bugzilla.redhat.com/show_bug.cgi?id=2484613
but given that NM defaults to the internal DHCP client since ages and
forky doesn't even include dhclient anymore, this seems really harmless.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10805
    https://www.cve.org/CVERecord?id=CVE-2026-10805

Please adjust the affected versions in the BTS as needed.
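
The report ties exposure to an administrator having explicitly selected the dhclient backend. The following check is an added example, not part of the original report or of NetworkManager: it looks for an effective `dhcp=dhclient` in the `[main]` section of the config files. The function names and the simplified read order are assumptions of this example.

```shell
#!/bin/sh
# Added example: reports whether NetworkManager's config files select dhclient.

# nm_dhcp_backend FILE...
# Print the effective [main] dhcp= value across the files, read in the order
# given (a later file overrides an earlier one); "default" if none sets it.
nm_dhcp_backend() {
    awk '
        FNR == 1        { sec = "" }                 # sections do not span files
        /^[ \t]*[#;]/   { next }                     # comment line
        /^[ \t]*\[/     { sec = $0; gsub(/[ \t]/, "", sec); next }
        sec == "[main]" && /^[ \t]*dhcp[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)            # drop "dhcp ="
            sub(/[ \t]+$/, "", val)                  # drop trailing blanks
            backend = val
        }
        END { print (backend == "" ? "default" : backend) }
    ' "$@" /dev/null
}

# Assumed read order: /usr/lib and /run drop-ins, the main file, then /etc
# drop-ins. Same-name shadowing between drop-in directories is not modelled;
# `NetworkManager --print-config` shows the merged result the daemon uses.
nm_check_exposure() {
    set --
    for f in /usr/lib/NetworkManager/conf.d/*.conf \
             /run/NetworkManager/conf.d/*.conf \
             /etc/NetworkManager/NetworkManager.conf \
             /etc/NetworkManager/conf.d/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    backend=$(nm_dhcp_backend "$@")
    case $backend in
        dhclient) echo "dhcp=dhclient is set: the non-default setup CVE-2026-10805 needs" ;;
        *)        echo "dhcp backend from config files: $backend (not dhclient)" ;;
    esac
}

nm_check_exposure
```

A result of `default` means no config file sets the key, so the build's default backend applies.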

