Description
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
Published: 2026-04-10
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a local privilege escalation in systemd versions 259 and earlier, caused by the varlink interface in systemd-machined that allows access to the root namespace. The weakness is an improper use of authorization mechanisms (CWE-863) combined with insufficient privilege management (CWE-266). An attacker with local access can direct the systemd-machined service to perform privileged operations, potentially altering system configuration or accessing sensitive data.

Affected Systems

The affected vendor is systemd, product systemd. Versions affected are 259 or earlier, prior to the 260 release.

Risk and Exploitability

The CVSS score of 6.7 indicates a medium‑high severity, while the EPSS score of less than 1 % suggests a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, and it requires local access; therefore an attacker must already have some foothold on the machine to exploit it. Though the likelihood of exploitation in the wild may be low, the potential impact of privilege escalation warrants timely remediation.

Generated by OpenCVE AI on April 14, 2026 at 02:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update systemd to version 260 or later to eliminate the vulnerability.

Generated by OpenCVE AI on April 14, 2026 at 02:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Systemd Project
Systemd Project systemd
CPEs cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Vendors & Products Systemd Project
Systemd Project systemd

Tue, 14 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Varlink in systemd 259 systemd: systemd-machined: Local privilege escalation via varlink
Weaknesses CWE-266
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Varlink in systemd 259

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Systemd
Systemd systemd
Vendors & Products Systemd
Systemd systemd

Fri, 10 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Systemd Systemd
Systemd Project Systemd
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T18:13:05.818Z

Reserved: 2026-04-10T15:14:21.394Z

Link: CVE-2026-40224

cve-icon Vulnrichment

Updated: 2026-04-10T18:13:00.863Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T16:16:33.113

Modified: 2026-04-27T19:08:24.913

Link: CVE-2026-40224

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-10T15:14:21Z

Links: CVE-2026-40224 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:36:30Z

Weaknesses