CVE-2026-10294

EUVD-2026-33818
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bookworm
postponed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
postponed
trixie (security)
vulnerable
Common Weakness Enumeration
References
https://github.com/PackageKit/PackageKit/
https://github.com/PackageKit/PackageKit/issues/969
https://vuldb.com/cve/CVE-2026-10294
https://vuldb.com/submit/826470
https://vuldb.com/vuln/367587
https://vuldb.com/vuln/367587/cti