Fluid Attacks Database

Description

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	packagekit	=1.2.2-2 \|\| =1.2.2-2+deb11u1 \|\| =1.2.4-1 \|\| =1.2.5-1 \|\| =1.2.5-2 \|\| =1.2.5-3 \|\| =1.2.5-4 \|\| =1.2.6-1 \|\| =1.2.6-2 \|\| =1.2.6-3 \|\| =1.2.6-4 \|\| =1.2.6-5 \|\| =1.2.7-1 \|\| =1.2.8-1 \|\| =1.2.8-2 \|\| =1.3.0-1 \|\| =1.3.0-2 \|\| =1.3.0-3 \|\| =1.3.1-1 \|\| =1.3.2-1 \|\| =1.3.3-1 \|\| =1.3.4-1 \|\| =1.3.4-3 \|\| =1.3.5-1
debian 12	packagekit	=1.2.6-5 \|\| =1.2.6-5+deb12u1 \|\| =1.2.7-1 \|\| =1.2.8-1 \|\| =1.2.8-2 \|\| =1.3.0-1 \|\| =1.3.0-2 \|\| =1.3.0-3 \|\| =1.3.1-1 \|\| =1.3.2-1 \|\| =1.3.3-1 \|\| =1.3.4-1 \|\| =1.3.4-3 \|\| =1.3.5-1
debian 13	packagekit	=1.3.1-1 \|\| =1.3.1-1+deb13u1 \|\| =1.3.2-1 \|\| =1.3.3-1 \|\| =1.3.4-1 \|\| =1.3.4-3 \|\| =1.3.5-1
debian 14	packagekit	=1.3.1-1 \|\| =1.3.2-1 \|\| =1.3.3-1 \|\| =1.3.4-1 \|\| =1.3.4-3 \|\| =1.3.5-1

Aliases

1. CVE-2026-102942. NVD-2026-102943. OSV-DEBIAN-2026-102944. OSV-2026-102945. SECURITY-TRACKER-CVE-2026-10294

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.