CVE-2026-4948
Published: 27 March 2026
Summary
CVE-2026-4948 is a medium-severity Incorrect Execution-Assigned Permissions (CWE-279) vulnerability in firewalld. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify System Firewall (T1686). It ranks at the 2.0th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-16557
Vulnerability details
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct authorization bypass in firewalld D-Bus API enables unauthorized runtime modification of system firewall state (T1562.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.