polkit

Vendor: freedesktop

Actively Exploited (CISA KEV List): 2
PoC / Exploits (Code Available): 3
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 19
Avg. EPSS (Exploit Prob.): 12.12%
Latest CVE: CVE-2026-4897 (Mar 26)

Security Vulnerability Index

4.6 CVSS

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

EPSS: 0.11%

2.1 CVSS

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

EPSS: 0.13%

7.2 CVSS

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

EPSS: 0.05%