SUSE and openSUSE Firewalld Vulnerability CVE-2026-4948 Affects Local Users

First seen 30 Jun 2026, 08:40 UTC (Linuxsecurity)

A moderate-severity vulnerability (CVE-2026-4948) has been identified in firewalld. Because of D-Bus setter mis-authorizations, local unprivileged users can modify the firewall state. The issue affects both SUSE Linux Micro 6.2 and openSUSE Leap 16.0 systems. It was published on March 27, 2026, and has been assigned a CVSS score of 4.0. Patches are available through standard installation methods such as YaST online_update or 'zypper patch', and administrators are advised to apply the updates promptly. The vulnerability does not appear to have been actively exploited at this time.

Key Points:
• CVE-2026-4948 allows local unprivileged users to alter firewall settings.
• Patches are available for both SUSE Linux Micro 6.2 and openSUSE Leap 16.0.
• The vulnerability has a moderate severity rating with a CVSS score of 4.0.

ThreatCluster AI

Timeline

2026-03-27: CVE-2026-4948 published
A vulnerability allowing local unprivileged users to modify firewall state due to D-Bus mis-authorizations was disclosed. (Source: Linuxsecurity)

2026-06-22: SUSE patch released
SUSE released an update to address CVE-2026-4948 for SUSE Linux Micro 6.2 systems. (Source: Linuxsecurity)

2026-06-30: openSUSE patch released
openSUSE released an update to address CVE-2026-4948 for openSUSE Leap 16.0 systems. (Source: Linuxsecurity)
