Arbitrary User Terminal Exposure in Systemd Components
CVE-2026-40228

2.9LOW

Key Information:

Vendor: Systemd
Status: Systemd
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-40228?

In systemd version 259, a security vulnerability exists in systemd-journald, where it can unintentionally transmit ANSI escape sequences to the terminals of users. This occurs when the 'logger -p emerg' command is executed, especially if the ForwardToWall option is set to 'yes'. This could lead to unexpected behavior and potential exposure of sensitive information within user terminals.

Affected Version(s)

systemd 259

References

https://www.openwall.com/lists/oss-security/2026/04/08/1

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40228 Data

JSON