CVE-2026-40224 PUBLISHED

Assigner: mitre
Reserved: 10.04.2026 Published: 10.04.2026 Updated: 10.04.2026

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 6.7

Product Status

Vendor systemd
Product systemd
Versions Default: unaffected
  • affected from 259 to 260 (excl.)

References

Problem Types

  • CWE-863 Incorrect Authorization CWE