Known Vulnerabilities for Polkit by Polkit Project

Listed below are 10 of the newest known vulnerabilities associated with "Polkit" by "Polkit Project".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-34397 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 an... Not Provided 2026-04-01 2026-04-01
CVE-2026-4897 A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `po... Not Provided 2026-03-26 2026-03-30
CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhau... 5.5 - MEDIUM 2022-02-21 2023-11-07
CVE-2021-4034 A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool desi... 7.8 - HIGH 2022-01-28 2023-11-07
CVE-2021-3560 It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges o... 7.8 - HIGH 2022-02-16 2023-11-07
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and ther... 6.7 - MEDIUM 2019-01-11 2020-08-24
CVE-2018-19788 A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute a... 8.8 - HIGH 2018-12-03 2019-08-06
CVE-2018-1116 A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authori... 4.4 - MEDIUM 2018-07-10 2020-05-05
CVE-2015-4625 Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to... 4.6 - MEDIUM 2015-10-26 2018-10-30
CVE-2015-3256 PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon cra... 4.6 - MEDIUM 2015-10-26 2018-10-30
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationPolkit ProjectPolkit0.99AllAllAll
ApplicationPolkit ProjectPolkit0.98AllAllAll
ApplicationPolkit ProjectPolkit0.97AllAllAll
ApplicationPolkit ProjectPolkit0.96AllAllAll
ApplicationPolkit ProjectPolkit0.95AllAllAll
ApplicationPolkit ProjectPolkit0.94AllAllAll
ApplicationPolkit ProjectPolkit0.93AllAllAll
ApplicationPolkit ProjectPolkit0.92AllAllAll
ApplicationPolkit ProjectPolkit0.91AllAllAll
ApplicationPolkit ProjectPolkit0.9AllAllAll
ApplicationPolkit ProjectPolkit0.8AllAllAll
ApplicationPolkit ProjectPolkit0.7AllAllAll
ApplicationPolkit ProjectPolkit0.6AllAllAll
ApplicationPolkit ProjectPolkit0.5AllAllAll
ApplicationPolkit ProjectPolkit0.4AllAllAll
ApplicationPolkit ProjectPolkit0.3AllAllAll
ApplicationPolkit ProjectPolkit0.116AllAllAll
ApplicationPolkit ProjectPolkit0.115AllAllAll
ApplicationPolkit ProjectPolkit0.114AllAllAll
ApplicationPolkit ProjectPolkit0.113AllAllAll
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report