CVE-2026-4948

Medium

Published: 27 March 2026

Modified: 15 May 2026
KEV Added: not listed
Patch:
CVSS v3.1 score: 5.5 (vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
EPSS score: 0.0012 (2.0th percentile)
Risk priority: 35 (floored blend, peak EPSS)

Summary

CVE-2026-4948 is a medium-severity Incorrect Execution-Assigned Permissions (CWE-279) vulnerability in firewalld (vendor: firewalld). Its CVSS v3.1 base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify System Firewall (T1686). The CVE is ranked at the 2.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A flaw was found in firewalld. Two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings, are mis-authorized, so a local unprivileged user can call them to modify the runtime firewall state without proper authentication. This leads to unauthorized changes in network security configuration.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1686 Disable or Modify System Firewall (tactic: Defense Impairment)
Adversaries may disable or modify host-based or network firewalls to impair defensive mechanisms and enable further action.
Why these techniques?

A direct authorization bypass in the firewalld D-Bus API enables unauthorized runtime modification of the system firewall state (T1562.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Vendor     Product           Version
firewalld  firewalld         ≤ 2.4.0
redhat     enterprise linux  7.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.