CVE-2026-10805
- EPSS 0.12%
- Veröffentlicht 04.06.2026 05:21:34
- Zuletzt bearbeitet 04.06.2026 15:35:18
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileg...
CVE-2026-10101
- EPSS 0.18%
- Veröffentlicht 29.05.2026 16:16:24
- Zuletzt bearbeitet 02.07.2026 16:16:29
ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A namespace principal with the stock `view` ClusterRole cannot directly read Secrets, but can read `Inf...
CVE-2026-7163
- EPSS 0.17%
- Veröffentlicht 30.04.2026 13:18:49
- Zuletzt bearbeitet 30.06.2026 03:21:19
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials...