CVE-2026-40225

CWE-669 | CWE-250 | 5 documents | 5 sources
Severity
6.4 MEDIUM
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 10

Description

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.5 | Impact: 5.9

Affected Packages (1 package)

CVEListV5: systemd/systemd < 260

🔴 Vulnerability Details (2)
GHSA
GHSA-396h-m3pm-fpm5: In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output (2026-04-10)
CVEList
CVE-2026-40225: In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output (2026-04-10)

📋 Vendor Advisories (1)
Red Hat
systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output (2026-04-10)

💬 Community (1)
Bugzilla
CVE-2026-40225 systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output (2026-04-10)