Fluid Attacks Database

Description

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel10	NetworkManager
rpm rhel6	NetworkManager
rpm rhel7	NetworkManager
rpm rhel8	NetworkManager
rpm rhel9	NetworkManager
rpm rhel10	NetworkManager-libreswan
rpm rhel7	NetworkManager-libreswan
rpm rhel8	NetworkManager-libreswan
rpm rhel9	NetworkManager-libreswan
rpm rhel6	NetworkManager-openswan

1-10 of 14

Aliases

1. CVE-2026-108052. NVD-2026-108053. OSV-2026-10805

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.