Pardus Linux Vulnerability Chain Enables Complete System Takeover
ID: 07c3c337-dc0b-5b0d-b5c4-9e8791fc83c0
STIX ID: report--07c3c337-dc0b-5b0d-b5c4-9e8791fc83c0
Feed Name: The Cyber Express
**CVE-2026-5140 — Pardus Linux critical local privilege escalation:** A CVSS 9.3 vulnerability chain in the pardus-update package allows any unprivileged local user to gain root by exploiting a Polkit misconfiguration, CRLF injection into /etc/pardus/pardus-update.conf, and an untrusted APT source path; researchers demonstrated a PoC that writes a malicious .list and installs a Debian package to set SUID on /bin/bash, resulting in full system compromise. Administrators are advised to harden Polkit rules, sanitize CRLF characters, and restrict APT source paths.
