Description
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
Published: 2026-04-10
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via local IPC misuse
Action: Patch Now
AI Analysis

Impact

A local, non-privileged user can make systemd hit an assertion failure by sending an IPC API call whose array or map argument contains a null element. The assertion terminates the receiving systemd process, so the effect is a denial of service for the daemon and for the services that depend on it. Red Hat classifies the weakness as CWE-476 (NULL pointer dereference); the original record carries CWE-1025. Confidentiality and integrity are not affected (CVSS C:N/I:N/A:H).

Affected Systems

The affected product is the systemd project's systemd, version 260 (any 260.x release; the associated CPE is cpe:2.3:a:systemd_project:systemd:260:-:*:*:*:*:*:*). Version 261 fixes the issue. Any Linux distribution that ships systemd 260 without the 261 update is exposed. The attack surface is systemd's IPC API; the record does not name a specific interface.

Risk and Exploitability

The CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (6.2, Medium): local attack vector, low complexity, no privileges or user interaction required, and impact confined to availability. The EPSS score is below 1 %, the CVE is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: none, Automatable: no, Technical Impact: partial. In practice an attacker needs a local account (or code execution as any local user) with access to the IPC endpoint; no elevated privileges are required.

Generated by OpenCVE AI on April 14, 2026 at 21:26 UTC.

Remediation

No vendor advisory or workaround is linked in this record; the CVE description itself identifies systemd 261 as the version that fixes the issue.

OpenCVE Recommended Actions

  • Upgrade systemd to version 261 or later using the supported package manager on your distribution.
  • Verify that the installed package version is 261 or higher by checking the systemd package metadata.
  • If an upgrade is not immediately available, mitigate potential service disruption by incorporating redundancy or monitoring for unexpected systemd restarts.
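As an added example (not OpenCVE's or the systemd project's code), the following POSIX shell snippet parses the first line of `systemctl --version` (for example "systemd 260 (260.1-1)") and reports whether the host falls in the affected range, i.e. major version 260. The function names and the sample version strings are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from OpenCVE or the systemd project): decide whether a
# systemd version string is in the affected range for CVE-2026-40227.
# Affected: 260 (any 260.x); fixed: 261 and later, per the CVE description.

# Print the integer major version from a string such as the first line of
# `systemctl --version` ("systemd 260 (260.1-1)") or a bare "260.2".
# Returns 1 if no leading number can be found.
systemd_major_version() {
    # Drop a leading "systemd " prefix, then cut at the first non-digit.
    v=$(printf '%s\n' "$1" | sed -e 's/^systemd //' -e 's/[^0-9].*$//')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Returns 0 if the version is affected by CVE-2026-40227, 1 if not,
# and 2 if the string could not be parsed.
cve_2026_40227_affected() {
    major=$(systemd_major_version "$1") || return 2
    [ "$major" -eq 260 ]
}

# Check the running host. Returns 1 when affected, 2 when undetermined.
check_host() {
    command -v systemctl >/dev/null 2>&1 || { echo "systemctl not found"; return 2; }
    line=$(systemctl --version 2>/dev/null | head -n1)
    rc=0
    cve_2026_40227_affected "$line" || rc=$?
    case $rc in
        0) echo "AFFECTED: $line (upgrade to systemd 261 or later)"; return 1 ;;
        1) echo "not affected: $line" ;;
        *) echo "could not parse version from: $line"; return 2 ;;
    esac
}

# Run the host check only when invoked as `sh this.sh --check`, so the
# file can also be sourced for its functions.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

The check keys on the major version only, because the CVE description bounds the affected range as "260 before 261" without naming point releases; distributions that backport the fix into a 260.x package would still be flagged, so treat a hit as a prompt to consult the vendor's changelog rather than as proof of exposure.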


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 19:45:00 +0000
  Values added:
    First Time appeared: Systemd Project (vendor), systemd (product)
    CPEs: cpe:2.3:a:systemd_project:systemd:260:-:*:*:*:*:*:*
    Vendors & Products: Systemd Project (vendor), systemd (product)

Tue, 14 Apr 2026 15:15:00 +0000
  Values added:
    Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000
  Values added:
    First Time appeared: Systemd (vendor), systemd (product)
    Vendors & Products: Systemd (vendor), systemd (product)

Sat, 11 Apr 2026 00:15:00 +0000
  Values added:
    Title: systemd: systemd: Denial of Service via malicious IPC API call with null element
    Weaknesses: CWE-476
    References: (values not displayed)
  Values changed:
    Metrics (threat_severity): None -> Moderate

Fri, 10 Apr 2026 15:45:00 +0000
  Values added:
    Description: In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
    Weaknesses: CWE-1025
    References: (values not displayed)
    Metrics (cvssV3_1): {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T14:49:32.971Z

Reserved: 2026-04-10T15:19:51.012Z

Link: CVE-2026-40227

Vulnrichment

Updated: 2026-04-14T14:49:27.413Z

NVD

Status : Analyzed

Published: 2026-04-10T16:16:33.607

Modified: 2026-04-14T19:41:59.977

Link: CVE-2026-40227

Red Hat

Severity : Moderate

Public Date: 2026-04-10T15:19:51Z

Links: CVE-2026-40227 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T16:00:07Z

Weaknesses