CVE-2021-3560

CVE-2021-3560

Vendor N/A

Product polkit

Weakness CWE-863 · Incorrect authorization

KEV Status Known Exploited

Published February 16, 2022

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

February 16, 2022 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3560 CISA KEV Reference https://bugzilla.redhat.com/show_bug.cgi?id=1961710 CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2021-3560

Related vulnerabilities

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE