CVE-2026-10805: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Multicluster Engine for Kubernetes
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.
AI Analysis
Technical Summary
This vulnerability involves improper neutralization of special elements used in an OS command within NetworkManager's dhclient backend. Specifically, when processing malformed MUD URLs, a local attacker with limited privileges can escalate their privileges by triggering a script execution. The issue requires that NetworkManager be explicitly configured to use dhclient, which is not the default setting. The vulnerability has a CVSS 3.1 base score of 6.7, indicating a medium severity level.
Potential Impact
Successful exploitation allows a local user to escalate privileges on the affected system, potentially gaining higher-level access. This could lead to unauthorized actions with elevated privileges. However, the vulnerability does not affect default NetworkManager configurations, limiting the exposure to systems where dhclient is explicitly enabled.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-10805 for current remediation guidance. Until a patch is available, administrators should review their NetworkManager configurations and consider disabling dhclient usage if not required. No official fix or temporary workaround is currently documented in the advisory.
CVE-2026-10805: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Multicluster Engine for Kubernetes
Description
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.
CVSS v3.1
Score 6.7medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper neutralization of special elements used in an OS command within NetworkManager's dhclient backend. Specifically, when processing malformed MUD URLs, a local attacker with limited privileges can escalate their privileges by triggering a script execution. The issue requires that NetworkManager be explicitly configured to use dhclient, which is not the default setting. The vulnerability has a CVSS 3.1 base score of 6.7, indicating a medium severity level.
Potential Impact
Successful exploitation allows a local user to escalate privileges on the affected system, potentially gaining higher-level access. This could lead to unauthorized actions with elevated privileges. However, the vulnerability does not affect default NetworkManager configurations, limiting the exposure to systems where dhclient is explicitly enabled.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-10805 for current remediation guidance. Until a patch is available, administrators should review their NetworkManager configurations and consider disabling dhclient usage if not required. No official fix or temporary workaround is currently documented in the advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-04T05:10:00.738Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-10805","vendor":"Red Hat"}]
Threat ID: 6a210e2ee29bf47b506be551
Added to database: 6/4/2026, 5:33:34 AM
Last enriched: 6/11/2026, 8:46:01 AM
Last updated: 6/12/2026, 5:43:43 AM
Views: 41
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.