Local Privilege Escalation Vulnerability in NovumOS by MinecAnton209
CVE-2026-40317

9.4CRITICAL

Key Information:

Vendor: Minecanton209
Status: Novumos
Vendor: CVE Published:; 18 April 2026

🔔 Create Minecanton209 Vulnerability Alert

What is CVE-2026-40317?

NovumOS, a custom 32-bit operating system, is affected by a local privilege escalation vulnerability due to Syscall 12 (JumpToUser) accepting user-space addresses without validation. This flaw allows user-mode processes to execute code in kernel mode, posing a severe security risk. The issue has been resolved in NovumOS version 0.24. For those unable to update, it is recommended to run the system in single-user mode and restrict syscall access to prevent exploitation.

Affected Version(s)

NovumOS < 0.24

References

https://github.com/MinecAnton209/NovumOS/security/advisor...

x_refsource_CONFIRM

https://github.com/MinecAnton209/NovumOS/releases/tag/v0.24

x_refsource_MISC

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40317 Data

JSON