polkit

A new privilege‑escalation vulnerability in systemd’s machine-management component — tracked as CVE‑2026‑4105 — has been disclosed and patched, and it demands immediate attention from desktop Linux users and system administrators who run optional systemd packages. The bug stems from improper...

A deep parsing bug in polkit’s XML policy handler can be triggered by a crafted .policy file with unusually deep nesting (32 or more elements), producing an out‑of‑bounds write that can crash polkit’s daemon and — in the worst case — might be leveraged toward code execution; vendors and upstream...