Main Vulnerability Database Exploits ID:12344 - Exploit for Missing Authorization in fwupd

ID:12344 - Exploit for Missing Authorization in fwupd

Published: February 2, 2026

Vulnerability identifier: #VU122226

Vulnerability risk: Low

CVE-ID: N/A

CWE-ID: CWE-862

Exploitation vector: Local access

Vulnerable software:
fwupd

Link to public exploit:

The vulnerability allows a local user to bypass authorization process.

The vulnerability exists due to the daemon ignores the PolicyKit authorization. A local user can enable the admin-only emulation tagging feature.

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.