Known Vulnerabilities for Polkit by Polkit Project
Listed below are 10 of the newest known vulnerabilities associated with "Polkit" by "Polkit Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41048 json | Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacke... | Not Provided | 2026-06-22 | 2026-07-07 |
| CVE-2026-41045 json | A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSna... | Not Provided | 2026-06-22 | 2026-06-22 |
| CVE-2025-7519 json | A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write ca... | Not Provided | 2025-07-14 | 2026-06-30 |
| CVE-2025-6019 json | A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit pe... | Not Provided | 2025-06-19 | 2026-06-30 |
| CVE-2025-6018 json | A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modu... | Not Provided | 2025-07-23 | 2026-06-30 |
| CVE-2024-9050 json | A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sa... | Not Provided | 2024-10-22 | 2026-06-25 |
| CVE-2021-4115 json | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhau... | 5.5 - MEDIUM | 2022-02-21 | 2023-11-07 |
| CVE-2021-4034 json | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool desi... | 7.8 - HIGH | 2022-01-28 | 2023-11-07 |
| CVE-2021-3560 json | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges o... | 7.8 - HIGH | 2022-02-16 | 2023-11-07 |
| CVE-2019-6133 json | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and ther... | 6.7 - MEDIUM | 2019-01-11 | 2020-08-24 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Polkit Project | Polkit | 0.99 | |||
| Application | Polkit Project | Polkit | 0.98 | |||
| Application | Polkit Project | Polkit | 0.97 | |||
| Application | Polkit Project | Polkit | 0.96 | |||
| Application | Polkit Project | Polkit | 0.95 | |||
| Application | Polkit Project | Polkit | 0.94 | |||
| Application | Polkit Project | Polkit | 0.93 | |||
| Application | Polkit Project | Polkit | 0.92 | |||
| Application | Polkit Project | Polkit | 0.91 | |||
| Application | Polkit Project | Polkit | 0.9 | |||
| Application | Polkit Project | Polkit | 0.8 | |||
| Application | Polkit Project | Polkit | 0.7 | |||
| Application | Polkit Project | Polkit | 0.6 | |||
| Application | Polkit Project | Polkit | 0.5 | |||
| Application | Polkit Project | Polkit | 0.4 | |||
| Application | Polkit Project | Polkit | 0.3 | |||
| Application | Polkit Project | Polkit | 0.116 | |||
| Application | Polkit Project | Polkit | 0.115 | |||
| Application | Polkit Project | Polkit | 0.114 | |||
| Application | Polkit Project | Polkit | 0.113 |