Privilege Escalation Vulnerability in NovumOS Operating System
CVE-2026-40572

9 CRITICAL

Key Information:

Status
Vendor
CVE Published: 18 April 2026

What is CVE-2026-40572?

NovumOS, a custom 32-bit operating system, contains a significant vulnerability in Syscall 15 (MemoryMapRange) in versions prior to 0.24. The syscall lets user-mode processes map various virtual address ranges into their address space without appropriate validation against restricted regions. As a result, a local attacker running in user mode could exploit this weakness to modify critical kernel structures, including the IDT, GDT, TSS, and page tables, potentially leading to privilege escalation. The issue was patched in version 0.24.
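
The kind of range validation the description says was missing, sketched in C as an added example (not NovumOS code and not the actual patch). The function names, the user window and every address in the restricted table are constructed assumptions, not the real NovumOS memory layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE  4096u
/* Assumed user window: user mode may only map inside [USER_BASE, USER_LIMIT). */
#define USER_BASE  0x40000000u
#define USER_LIMIT 0xC0000000u

/* Constructed layout for illustration only; half-open ranges [start, end). */
struct region { uint32_t start, end; const char *what; };
static const struct region restricted[] = {
    { 0x00000000u, 0x00001000u, "null page" },
    { 0x00100000u, 0x00400000u, "kernel image, IDT, GDT, TSS" },
    { 0x00400000u, 0x00800000u, "page tables" },
};

/* True if [addr, end) touches any restricted region, even by one page. */
bool overlaps_restricted(uint32_t addr, uint32_t end)
{
    for (size_t i = 0; i < sizeof restricted / sizeof restricted[0]; i++)
        if (addr < restricted[i].end && end > restricted[i].start)
            return true;
    return false;
}

/* Gate a user-mode mapping request for [addr, addr + len) before mapping. */
bool map_range_allowed(uint32_t addr, uint32_t len)
{
    /* Reject empty and non-page-aligned requests. */
    if (len == 0 || addr % PAGE_SIZE != 0 || len % PAGE_SIZE != 0)
        return false;
    /* On a 32-bit system addr + len can wrap past 4 GiB and land low. */
    if (len > UINT32_MAX - addr)
        return false;
    uint32_t end = addr + len; /* exclusive */
    /* Allow-list: the whole range must sit inside the user window. */
    if (addr < USER_BASE || end > USER_LIMIT)
        return false;
    /* Deny-list as defence in depth against a misconfigured window. */
    return !overlaps_restricted(addr, end);
}
```

The wrap-around test has to run before `addr + len` is computed; otherwise a request near the top of the address space produces a small `end` that passes both range checks.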

Affected Version(s)

NovumOS < 0.24

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved