CVE-2026-25710

Vulnerability Description

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.

Related Weaknesses (CWE)

CWE-250

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710
https://security.opensuse.org/2026/04/27/plasma-login-manager.html#6-upstream-bu
http://www.openwall.com/lists/oss-security/2026/04/27/1

FAQ

What is CVE-2026-25710?

CVE-2026-25710 is a documented vulnerability. The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the sys...

How severe is CVE-2026-25710?

CVSS scoring is not yet available for CVE-2026-25710. Check NVD for updates.

Is there a patch for CVE-2026-25710?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.