OESA-2026-2822

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2822
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2822.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2822
Upstream
  • CVE-2026-10805
Published
2026-07-06T06:26:47Z
Modified
2026-07-06T06:45:17.021210786Z
Summary
NetworkManager security update
Details

NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is intended to replace default routes, obtain IP addresses from a DHCP server, and change name servers whenever it sees fit.

Security Fix(es):

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager.(CVE-2026-10805)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / NetworkManager

Package

Name
NetworkManager
Purl
pkg:rpm/openEuler/NetworkManager&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.2-17.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "NetworkManager-1.26.2-17.oe2003sp4.aarch64.rpm",
        "NetworkManager-debuginfo-1.26.2-17.oe2003sp4.aarch64.rpm",
        "NetworkManager-debugsource-1.26.2-17.oe2003sp4.aarch64.rpm",
        "NetworkManager-libnm-1.26.2-17.oe2003sp4.aarch64.rpm",
        "NetworkManager-libnm-devel-1.26.2-17.oe2003sp4.aarch64.rpm",
        "NetworkManager-wwan-1.26.2-17.oe2003sp4.aarch64.rpm"
    ],
    "noarch": [
        "NetworkManager-config-server-1.26.2-17.oe2003sp4.noarch.rpm",
        "NetworkManager-help-1.26.2-17.oe2003sp4.noarch.rpm"
    ],
    "x86_64": [
        "NetworkManager-1.26.2-17.oe2003sp4.x86_64.rpm",
        "NetworkManager-debuginfo-1.26.2-17.oe2003sp4.x86_64.rpm",
        "NetworkManager-debugsource-1.26.2-17.oe2003sp4.x86_64.rpm",
        "NetworkManager-libnm-1.26.2-17.oe2003sp4.x86_64.rpm",
        "NetworkManager-libnm-devel-1.26.2-17.oe2003sp4.x86_64.rpm",
        "NetworkManager-wwan-1.26.2-17.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "NetworkManager-1.26.2-17.oe2003sp4.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2822.json"