{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-10805","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2026-06-04T05:10:00.738Z","datePublished":"2026-06-04T05:21:34.080Z","dateUpdated":"2026-07-02T06:59:56.001Z"},"containers":{"cna":{"title":"Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager."}],"affected":[{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/cluster-api-provider-aws-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mobile-broadband-provider-info","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"network-manager-applet","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-openswan","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mobile-broadband-provider-info","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"network-manager-applet","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"networkmanager","defaultStatus":"affected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/kubernetes-nmstate-rhel8-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/kubernetes-nmstate-rhel9-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-aws-cluster-api-controllers-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-aws-cluster-api-controllers-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-kubernetes-nmstate-handler-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-kubernetes-nmstate-handler-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ovn-kubernetes-microshift-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ovn-kubernetes-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-user-workloads/art-images","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10805","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484613","name":"RHBZ#2484613","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2026-06-04T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","workarounds":[{"lang":"en","value":"To prevent exploitation, ensure NetworkManager is not configured to use the `dhclient` backend. The default configuration on Red Hat Enterprise Linux does not enable `dhclient`. If a custom configuration file, such as `/etc/NetworkManager/conf.d/00-dhcp.conf`, contains `[main] dhcp=dhclient`, remove or comment out this line. After modifying the configuration, restart the NetworkManager service: `sudo systemctl restart NetworkManager` Warning: Restarting the NetworkManager service will temporarily disrupt network connectivity."}],"timeline":[{"lang":"en","time":"2026-06-04T05:09:41.937Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-06-04T00:00:00.000Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank Andrej Tomci for reporting this issue."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-07-02T06:59:56.001Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-04T12:38:00.972683Z","id":"CVE-2026-10805","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-04T12:39:54.739Z"}}]}}