CVEFinder.io

CVE-2026-4897

🔶 medium
🔍 Scan for this CVE
Summary

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-26
First Seen: 2026-03-27
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.7% of all 318,071 vulnerabilities in our database.

#214,189
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 28, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-04-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-770

📦 Affected Products 7

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
freedesktop polkit Affected
v-
redhat openshift_container_platform Affected
v4.0

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-4897
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2451739
Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4878 🔶 medium 6.7 0.0 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition... 2026-04-09
CVE-2026-35091 ⚠️ high 8.2 0.3 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Co... 2026-04-01
CVE-2026-35092 ⚠️ high 7.5 1.0 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a re... 2026-04-01
CVE-2026-5121 ⚠️ high 7.5 0.1 A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer ... 2026-03-30
CVE-2026-28368 ⚠️ high 8.7 0.1 A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where ... 2026-03-27
CVE-2026-28369 ⚠️ high 8.7 0.1 A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more... 2026-03-27
These CVEs affect the same products