PolKit vulnerability allows any logged-in user to execute arbitrary code with root privileges. See https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
Since VyOS allows all logged-in users do anything at this moment, this is not a concern. Nonetheless, it's fixed by Debian's updates.