Medium severity 5.5 · NVD Advisory · Published Mar 26, 2026 · Updated Apr 21, 2026
CVE-2026-4897
Description
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.
Affected products (20)
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords (12 versions):
  - pkg:rpm/opensuse/polkit&distro=openSUSE%20Leap%2015.6 (range: < 121-150500.3.11.1)
  - pkg:rpm/opensuse/polkit&distro=openSUSE%20Leap%2016.0 (range: < 123-160000.3.1)
  - pkg:rpm/opensuse/polkit&distro=openSUSE%20Tumbleweed (range: < 127-3.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.2 (range: < 2.7.1-160000.5.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (range: < 121-150500.3.11.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (range: < 121-150500.3.11.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (range: < 123-160000.3.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (range: < 123-160000.3.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 (range: < 0.113-5.35.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Micro%206.0 (range: < 121-4.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Micro%206.1 (range: < 121-slfo.1.1_3.1)
  - pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Micro%206.2 (range: < 123-160000.3.1)
References (2)
- access.redhat.com/security/cve/CVE-2026-4897 (nvd; Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Vendor Advisory)