CVE-2026-40228

CWE-669CWE-1176 documents6 sources
Severity
2.9LOW
EPSS
0.0%
top 98.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Systemd Systemd
Timeline
PublishedApr 10

Description

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 1.4 | Impact: 1.4

Affected Packages1 packages

CVEListV5systemd/systemd259

🔴Vulnerability Details

3
GHSA
GHSA-grjh-583f-v73h: In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if F2026-04-10
CVEList
CVE-2026-40228: In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if F2026-04-10
VulDB
systemd 259 ANSI Escape Sequence resource transfer (EUVD-2026-21498)2026-04-10

📋Vendor Advisories

1
Red Hat
systemd: systemd-journald: Unintended output to user terminals via logger command2026-04-10

💬Community

1
Bugzilla
CVE-2026-40228 systemd: systemd-journald: Unintended output to user terminals via logger command2026-04-10
CVE-2026-40228 (LOW CVSS 2.9) | In systemd 259 | cvebase.io