Zero Day MonitorZDM

← Back to list

4.9

CVE-2026-4948EXPLOITED

red hat · red hat enterprise linux

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

Description

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/security/cve/CVE-2026-4948(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2452086(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B

BSI Advisories3d ago

[UPDATE] [mittel] Red Hat Enterprise Linux: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-4948 | firewalld incorrect execution-assigned permissions

→ No new info (linked only)

CVSS 3.14.9 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-279

Published3/27/2026

Last enriched3d agov2

Tags

tarscrapyfile manipulationdenial of service

Trending Score29

Source articles2

Independent2

Info Completeness8/14

Missing: versions, epss, kev, exploit, patch, iocs

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-1961EXP

Forman: foreman: remote code execution via command injection in websocket proxy

HIGHCVE-2026-28369EXP

Undertow: undertow: request smuggling via malformed http request headers

HIGHCVE-2026-28367EXP

Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

NONECVE-2026-5165EXP

Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset

NONECVE-2026-5119EXP

Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 27, 2026

Discovered by ZDM

Mar 27, 2026

Updated: severity, cvssEstimate, activelyExploited, mitreAttack

Mar 27, 2026

Actively Exploited

Mar 27, 2026

Version History

v2

Last enriched 3d ago

v2Tier C3d ago

Updated severity to HIGH, CVSS estimate to 4.9, marked as actively exploited, and added MITRE ATT&CK technique T1222.

severitycvssEstimateactivelyExploitedmitreAttack

via VulDB

v13d ago

Initial creation