Hi Moritz

On 08.06.26 at 11:39, Moritz Mühlenhoff wrote:
> Source: network-manager
> X-Debbugs-CC: [email protected]
> Severity: normal
> Tags: security
>
> Hi,
>
> The following vulnerability was published for network-manager.
>
> CVE-2026-10805[0]:
> | A flaw was found in NetworkManager. This local privilege escalation
> | vulnerability exists in NetworkManager's dhclient backend when
> | processing malformed Manufacturer Usage Description (MUD) URLs. A
> | local user can exploit this flaw to escalate privileges by
> | triggering a script via a crafted MUD URL, provided an administrator
> | has explicitly configured NetworkManager to use dhclient. This issue
> | does not affect default configurations of NetworkManager.
>
> The only reference here is https://bugzilla.redhat.com/show_bug.cgi?id=2484613
> but given that NM defaults to the internal DHCP client for ages and
> forky doesn't even include dhclient anymore, this seems really harmless.

Agreed. I will close the bug report once a fix lands upstream (or will close it if none is provided) but I don't plan any backports or stable uploads.
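Since the advisory only applies when an administrator has explicitly selected the dhclient backend, a host can be checked for that setting. The script below is an added example, not part of this thread or of NetworkManager; it assumes the `dhcp` key in the `[main]` section and the file precedence described in NetworkManager.conf(5), and uses a simplified parser (`NetworkManager --print-config` shows the merged configuration the daemon actually uses).

```shell
#!/bin/sh
# Added example: report which DHCP backend NetworkManager is configured to use.
# Simplified parser (assumption): reads the "dhcp" key in the [main] section of
# each file given, in order; a value in a later file overrides an earlier one.

nm_dhcp_backend() {
    # Prints the last dhcp= value found in [main], or "unset" if none is set.
    result=unset
    for f in "$@"; do
        [ -r "$f" ] || continue        # also skips unexpanded globs
        v=$(awk '
            /^[ \t]*#/  { next }       # comment line
            /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
            in_main && /^[ \t]*dhcp[ \t]*=/ {
                sub(/^[ \t]*dhcp[ \t]*=[ \t]*/, "")
                sub(/[ \t\r]+$/, "")
                val = $0
            }
            END { if (val != "") print val }
        ' "$f")
        [ -n "$v" ] && result=$v
    done
    printf '%s\n' "$result"
}

nm_uses_dhclient() {
    # Exit status 0 only when the effective setting is exactly "dhclient".
    [ "$(nm_dhcp_backend "$@")" = "dhclient" ]
}

# Stand-alone use on the standard locations, lowest precedence first.
printf 'configured dhcp backend: %s\n' "$(nm_dhcp_backend \
    /usr/lib/NetworkManager/conf.d/*.conf \
    /run/NetworkManager/conf.d/*.conf \
    /etc/NetworkManager/NetworkManager.conf \
    /etc/NetworkManager/conf.d/*.conf)"
```

A result of `unset` means no file selects a backend, so the built-in default applies.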

