Skip to main content

Polkit CVE-2026-4897

| EUVDEUVD-2026-16214 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-03-26 secalert@redhat.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 15:22 euvd
EUVD-2026-16214
Analysis Generated
Mar 26, 2026 - 15:22 vuln.today
CVE Published
Mar 26, 2026 - 15:16 nvd
MEDIUM 5.5

DescriptionCVE.org

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

AnalysisAI

Polkit's polkit-agent-helper-1 setuid binary fails to bound input length on stdin, allowing local authenticated users to trigger out-of-memory conditions and deny system availability. An attacker with local login privileges can supply excessively long input to exhaust memory resources, causing a system-wide denial of service. No public exploit code or active exploitation has been confirmed at the time of analysis.

Technical ContextAI

Polkit is a system authorization framework used across Linux distributions (including Red Hat and SUSE) to delegate privilege escalation decisions. The polkit-agent-helper-1 binary is a setuid-root helper component that handles authentication requests from the polkit daemon. The vulnerability stems from CWE-770 (Allocation of Resources Without Limits or Throttling), where the stdin input stream is read without enforcing maximum buffer or memory consumption limits. When a local user provides input larger than available system memory, the process attempts unbounded allocation, exhausting RAM and triggering OOM killer events that can crash critical system services. This affects the polkit authentication pipeline and represents a privilege escalation helper attack surface.

RemediationAI

Consult the Red Hat security advisory (https://access.redhat.com/security/cve/CVE-2026-4897) and corresponding SUSE advisory for exact patched version numbers and upgrade instructions. Apply the vendor-released patch immediately to all systems running polkit with local user accounts. As an interim mitigation, restrict local shell access to trusted administrators only, disable polkit-agent-helper-1 if not required for the deployment use case, and monitor system memory and OOM events for signs of exploitation attempts. Implement resource limits (ulimit, cgroups) on user sessions to cap memory allocation per process, reducing the DoS impact scope.

Vendor StatusVendor

Debian

policykit-1
Release Status Fixed Version Urgency
bullseye, bullseye (security) vulnerable 0.105-31+deb11u1 -
bookworm vulnerable 122-3 -
trixie vulnerable 126-2 -
forky, sid vulnerable 127-2 -
(unstable) fixed (unfixed) -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed

Share

CVE-2026-4897 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy