CVE-2026-40225
published 2026-04-10

CVE-2026-40225: In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Priority: P429 | medium | 6.4 | CVSS 3.1
Vector: AV:P / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.14% (4.1th percentile)

Affected

4 ranges
Vendor | Product | Version range | Fixed in
systemd | systemd | < 260 | 260
systemd_project | systemd | < 257.13 | 257.13
systemd_project | systemd | >= 258 < 258.7 | 258.7
systemd_project | systemd | >= 259 < 259.5 | 259.5

CVSS provenance

nvd | v3.1 | 6.4 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat | 6.4 | MEDIUM