Denial of Service Vulnerability in systemd by Systemd Developers
CVE-2026-29111

5.5 MEDIUM

Key Information:

Vendor: Systemd

Status
Vendor
CVE Published: 23 March 2026

What is CVE-2026-29111?

A vulnerability in systemd allows a denial of service: when an unprivileged IPC API call is made with unexpected data, the system freezes execution. In versions v249 and below, this can lead to the stack being overwritten with attacker-controlled content. From version v250 onward, a safety check results in an assert instead of an execution freeze, mitigating the risk. Users should ensure they run a patched version (260-rc1, 259.2, 258.5 or 257.11).

Affected Version(s)

systemd | >= 239, < 257.11 | < 239, 257.11

systemd | >= 258, < 258.5 | < 258, 258.5

systemd | >= 259, < 259.2 | < 259, 259.2

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
