CVE-2026-40226

CWE-3485 documents5 sources
Severity
6.4MEDIUM
EPSS
0.0%
top 99.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Systemd Systemd
Timeline
PublishedApr 10

Description

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

CVEListV5systemd/systemd233260

🔴Vulnerability Details

2
CVEList
CVE-2026-40226: In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file2026-04-10
GHSA
GHSA-hc7r-6254-88w5: In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file2026-04-10

📋Vendor Advisories

1
Red Hat
systemd: systemd nspawn: Escape-to-host action via crafted config file2026-04-10

💬Community

1
Bugzilla
CVE-2026-40226 systemd: systemd nspawn: Escape-to-host action via crafted config file2026-04-10
CVE-2026-40226 (MEDIUM CVSS 6.4) | In nspawn in systemd 233 through 25 | cvebase.io