Local Privilege Escalation in systemd by systemd Vendor
CVE-2026-40224

6.7MEDIUM

Key Information:

Vendor: Systemd
Status: Systemd
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-40224?

A local privilege escalation vulnerability exists in systemd versions prior to 260, specifically within systemd-machined. This flaw allows an authenticated user to exploit the Varlink interface to access the root namespace, potentially leading to unauthorized operations and system compromise. Administrators should prioritize updating to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

systemd 259 < 260

References

https://github.com/systemd/systemd/security/advisories/GH...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40224 Data

JSON

Systemd

What is CVE-2026-40224?

Affected Version(s)

References

CVSS V3.1

Timeline