Security Advisory

CVE-2026-4948

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-27 05:30:23

Last updated 2026-05-15 18:32:41

Assigner redhat

State PUBLISHED

Description

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.

← Browse all CVEs View on cve.org ↗