Description
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
Published: 2026-04-10
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability allows a local unprivileged user to trigger an assertion in systemd 258 before 260 when a running unit contains Delegate=yes and User unset, causing systemd to crash and the system to become unavailable. This results in a denial‑of‑service condition for all services that rely on systemd.

Affected Systems

The affected product is systemd, version 258 and 259. Any system running those releases that has a unit configured with Delegate=yes and an unset User can be impacted. The issue does not affect later versions such as 260 or newer.

Risk and Exploitability

CVSS score of 4.7 indicates a moderate severity, and the EPSS score is below 1 %, meaning the likelihood of exploitation is very low. The vulnerability is not listed in CISA’s KEV catalog. It requires local, unprivileged access and the presence of a specific unit configuration; an attacker would create or modify a unit with Delegate=yes and empty User to trigger the crash. No remote exploitation vector exists.

Generated by OpenCVE AI on April 13, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade systemd to version 260 or newer.
  • Remove or modify any units that use Delegate=yes with an unset User.
  • Restart systemd to apply the changes.
  • Monitor systemd logs for assertion crash events.

Generated by OpenCVE AI on April 13, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Systemd Project
Systemd Project systemd
CPEs cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Vendors & Products Systemd Project
Systemd Project systemd

Wed, 15 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Systemd
Systemd systemd
Vendors & Products Systemd
Systemd systemd

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title systemd: systemd: Local unprivileged user can cause Denial of Service
Weaknesses CWE-617
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 10 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
Weaknesses CWE-696
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Systemd Systemd
Systemd Project Systemd
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-15T14:42:11.727Z

Reserved: 2026-04-10T15:10:56.096Z

Link: CVE-2026-40223

cve-icon Vulnrichment

Updated: 2026-04-15T14:25:56.565Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T16:16:32.930

Modified: 2026-04-27T19:08:41.777

Link: CVE-2026-40223

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-10T15:10:56Z

Links: CVE-2026-40223 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:27:08Z

Weaknesses