CVE-2026-10805

MEDIUM NVD

CVSS Score 6.7

Severity MEDIUM

Published Jun 04, 2026

Vendor unknown

Description

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.

References

https://access.redhat.com/security/cve/CVE-2026-10805
https://bugzilla.redhat.com/show_bug.cgi?id=2484613