A vulnerability, which was classified as problematic , was found in PackageKit up to 1.3.5 . Affected is the function g_file_test of the file src/pk-transaction.c of the component API . Such manipulation of the argument frontend-socket leads to improper authorization. This vulnerability is documented as CVE-2026-10294 . The attack can be executed remotely. Additionally, an exploit exists.