CVE-2026-10294

EUVD-2026-33818
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bookworm
postponed
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
1.3.6-1
fixed
sid
1.3.6-1
fixed
trixie
no-dsa
trixie (security)
vulnerable