A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Jboss Enterprise Application Platform Expansion Pack
  • Jbosseapxp
  • Multicluster Engine
  • Multicluster Engine For Kubernetes
  • Networkmanager
  • Openshift
  • Openshift Container Platform

No data.

No data.

References
Link Providers
https://access.redhat.com/security/cve/CVE-2026-10805 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2484613 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-10805 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-10805 cve-icon
History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Expansion Pack
Redhat multicluster Engine For Kubernetes
Redhat networkmanager
Redhat openshift Container Platform
Vendors & Products Redhat jboss Enterprise Application Platform Expansion Pack
Redhat multicluster Engine For Kubernetes
Redhat networkmanager
Redhat openshift Container Platform

Thu, 04 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 04 Jun 2026 05:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.
Title Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend
First Time appeared Redhat
Redhat enterprise Linux
Redhat jbosseapxp
Redhat multicluster Engine
Redhat openshift
Weaknesses CWE-78
CPEs cpe:/a:redhat:jbosseapxp
cpe:/a:redhat:multicluster_engine
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat jbosseapxp
Redhat multicluster Engine
Redhat openshift
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-04T05:21:34.080Z

Updated: 2026-06-04T12:39:54.739Z

Reserved: 2026-06-04T05:10:00.738Z

Link: CVE-2026-10805

cve-icon Vulnrichment

Updated: 2026-06-04T12:39:50.111Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-04T06:16:21.780

Modified: 2026-06-04T15:35:18.623

Link: CVE-2026-10805

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-04T00:00:00Z

Links: CVE-2026-10805 - Bugzilla