Description
A flaw was found in firewalld. Two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings, are mis-authorized, so a local unprivileged user can invoke them and modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.
Published: 2026-03-27
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized modification of firewall state
Action: Apply workaround
AI Analysis

Impact

The vulnerability in firewalld occurs when two runtime D‑Bus setters, setZoneSettings2 and setPolicySettings, are mis‑authorized. A local unprivileged user can invoke these setters without proper authentication, allowing the user to change the firewall configuration at runtime. This leads to unauthorized changes in network security settings such as opening ports or altering zones, thereby undermining the protection intended by the firewall.

Affected Systems

Affected products include Red Hat Enterprise Linux 7 through 10 and Red Hat OpenShift Container Platform 4. All versions of the firewalld service shipped with these distributions are susceptible; no specific sub‑versions are listed.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate impact. The exploit probability is not reported, and the vulnerability is not listed in CISA’s KEV catalog, suggesting a lower likelihood of widespread exploitation. The attack vector is local: an attacker needs an account on the host, and ordinary user privileges are sufficient. Once an unprivileged user invokes the mis‑authorized D‑Bus calls, the firewall state is altered immediately, potentially exposing services to the outside world or bypassing security policies.

Generated by OpenCVE AI on March 27, 2026 at 07:21 UTC.

Remediation

Vendor Workaround

To mitigate this issue, ensure that the firewalld desktop policy is not active on systems where local unprivileged user access is a concern. If firewalld is not required, it can be disabled. Disabling firewalld may impact network services that rely on it. To disable firewalld:

    sudo systemctl stop firewalld
    sudo systemctl disable firewalld

A system restart or service reload may be required for changes to take full effect.


OpenCVE Recommended Actions

  • Stop and disable firewalld service with systemctl.
  • Ensure the firewalld desktop policy is not active on systems where local unprivileged user access is a concern.
  • Reboot the system or reload the service to apply changes fully.
  • Verify that firewall rules are intact and no unauthorized changes have occurred.
  • Monitor system logs for any unexpected D‑Bus activity related to firewalld.
  • Check Red Hat advisories for a future patch and apply it when released.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 12:15:00 +0000

Type: References
  (no values listed)
Type: Metrics
  Values removed: threat_severity: None
  Values added:
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
    threat_severity: Moderate


Fri, 27 Mar 2026 06:00:00 +0000

Type: Description
  Values added: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.
Type: Title
  Values added: Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Type: First Time appeared
  Values added: Redhat; Redhat enterprise Linux; Redhat openshift
Type: Weaknesses
  Values added: CWE-279
Type: CPEs
  Values added:
    cpe:/a:redhat:openshift:4
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
  Values added: Redhat; Redhat enterprise Linux; Redhat openshift
Type: References
  (no values listed)
Type: Metrics
  Values added: cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Subscriptions

Redhat Enterprise Linux Openshift
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-27T11:21:20.810Z

Reserved: 2026-03-27T05:23:36.264Z

Link: CVE-2026-4948

Vulnrichment

Updated: 2026-03-27T11:21:12.998Z

NVD

Status: Received

Published: 2026-03-27T06:16:39.543

Modified: 2026-03-27T06:16:39.543

Link: CVE-2026-4948

Redhat

Severity: Moderate

Public Date: 2026-03-27T00:00:00Z

Links: CVE-2026-4948 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:22:09Z

Weaknesses