CVE-2026-10805: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Multicluster Engine for Kubernetes
CVE-2026-10805 is a local privilege escalation vulnerability in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, but only if an administrator has explicitly configured NetworkManager to use dhclient. Default configurations of NetworkManager are not affected. The vulnerability has a CVSS score of 6. 7, indicating medium severity. There is no explicit vendor advisory content indicating a patch or mitigation status at this time.
AI Analysis
Technical Summary
This vulnerability exists in NetworkManager's dhclient backend component, which improperly neutralizes special elements in MUD URLs, leading to OS command injection. Exploitation requires local access and the presence of a specific NetworkManager configuration using dhclient. Successful exploitation allows a local user to escalate privileges by triggering arbitrary script execution. The issue does not affect default NetworkManager configurations and requires administrator configuration to be vulnerable.
Potential Impact
If exploited, a local attacker with low privileges can escalate their privileges to higher levels on the affected system. This could lead to full system compromise depending on the privileges gained. The vulnerability affects systems where NetworkManager is configured to use dhclient and processes malformed MUD URLs. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10805 for current remediation guidance. Until a patch or official fix is available, administrators should review their NetworkManager configurations and consider disabling or avoiding the use of dhclient backend if feasible. Monitoring for updates from Red Hat is recommended.
CVE-2026-10805: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Multicluster Engine for Kubernetes
Description
CVE-2026-10805 is a local privilege escalation vulnerability in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, but only if an administrator has explicitly configured NetworkManager to use dhclient. Default configurations of NetworkManager are not affected. The vulnerability has a CVSS score of 6. 7, indicating medium severity. There is no explicit vendor advisory content indicating a patch or mitigation status at this time.
CVSS v3.1
Score 6.7medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in NetworkManager's dhclient backend component, which improperly neutralizes special elements in MUD URLs, leading to OS command injection. Exploitation requires local access and the presence of a specific NetworkManager configuration using dhclient. Successful exploitation allows a local user to escalate privileges by triggering arbitrary script execution. The issue does not affect default NetworkManager configurations and requires administrator configuration to be vulnerable.
Potential Impact
If exploited, a local attacker with low privileges can escalate their privileges to higher levels on the affected system. This could lead to full system compromise depending on the privileges gained. The vulnerability affects systems where NetworkManager is configured to use dhclient and processes malformed MUD URLs. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-10805 for current remediation guidance. Until a patch or official fix is available, administrators should review their NetworkManager configurations and consider disabling or avoiding the use of dhclient backend if feasible. Monitoring for updates from Red Hat is recommended.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-04T05:10:00.738Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-10805","vendor":"Red Hat"}]
Threat ID: 6a210e2ee29bf47b506be551
Added to database: 6/4/2026, 5:33:34 AM
Last enriched: 6/4/2026, 5:48:49 AM
Last updated: 6/4/2026, 7:44:48 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.