CVE-2026-40227

CWE-1025CWE-476NULL Pointer Dereference5 documents5 sources
Severity
6.2MEDIUM
EPSS
0.0%
top 95.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Systemd Systemd
Timeline
PublishedApr 10

Description

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

CVEListV5systemd/systemd260261

🔴Vulnerability Details

2
GHSA
GHSA-x53v-pxf5-chx6: In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element2026-04-10
CVEList
CVE-2026-40227: In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element2026-04-10

📋Vendor Advisories

1
Red Hat
systemd: systemd: Denial of Service via malicious IPC API call with null element2026-04-10

💬Community

1
Bugzilla
CVE-2026-40227 systemd: systemd: Denial of Service via malicious IPC API call with null element2026-04-10
CVE-2026-40227 (MEDIUM CVSS 6.2) | In systemd 260 before 261 | cvebase.io