CVE-2026-40224

CWE-863Incorrect AuthorizationCWE-2665 documents5 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 98.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Systemd Systemd
Timeline
PublishedApr 10

Description

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5systemd/systemd259260

🔴Vulnerability Details

2
GHSA
GHSA-jf3x-2pf6-c45w: In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace2026-04-10
CVEList
CVE-2026-40224: In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace2026-04-10

📋Vendor Advisories

1
Red Hat
systemd: systemd-machined: Local privilege escalation via varlink2026-04-10

💬Community

1
Bugzilla
CVE-2026-40224 systemd: systemd-machined: Local privilege escalation via varlink2026-04-10
CVE-2026-40224 (MEDIUM CVSS 6.7) | In systemd 259 before 260 | cvebase.io