CVE-2026-4897

EPSS 0.01%
Veröffentlicht 26.03.2026 15:16:43
Zuletzt bearbeitet 21.04.2026 16:29:29
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Polkit: polkit: denial of service via unbounded input processing through standard input

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 7 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freedesktop ≫ Polkit Version-

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://access.redhat.com/security/cve/CVE-2026-4897

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2451739

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-4897

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4897

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4897

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4897