The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.CreditsMatthias Gerstner of SUSEReferenceshttps://security.opensuse.org/2026/04/27/plasma-login-manager.html#6-upstream-bugfixhttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710
