Description
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
Published: 2026-04-10
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 11 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Title systemd: systemd: Denial of Service via malicious IPC API call with null element
Weaknesses CWE-476
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 10 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
Weaknesses CWE-1025
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T15:26:26.507Z

Reserved: 2026-04-10T15:19:51.012Z

Link: CVE-2026-40227

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-10T16:16:33.607

Modified: 2026-04-10T16:16:33.607

Link: CVE-2026-40227

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-10T15:19:51Z

Links: CVE-2026-40227 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses