Description
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
Published: 2026-04-10
Score: 2.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Terminal output injection
Action: Apply patch
AI Analysis

Impact

An unexpected behavior in systemd-journald allows ANSI escape sequences to be sent directly to the terminals of any logged‑in user when the "logger -p emerg" command is executed, provided the ForwardToWall option is enabled. This does not provide code execution but can modify terminal appearance or behavior through illicit escape codes, reflecting weaknesses in input sanitization (CWE-117) and misuse of terminal control (CWE-669).

Affected Systems

The flaw affects machines running systemd version 259 when the journald configuration has ForwardToWall set to yes. Any system with that version and forwarding enabled is susceptible; the problem is tied to systemd itself rather than any specific application.

Risk and Exploitability

The CVSS score of 2.9 labels this vulnerability as low severity and an EPSS score below 1% suggests a very small likelihood of exploitation in the wild. It is not listed in CISA’s KEV catalog. The likely attack vector requires the attacker to invoke ‘logger -p emerg’, which may be restricted to user or privileged contexts; this condition is inferred from the description. Consequently the risk surface is limited to local or locally privileged users on systems with ForwardToWall enabled, though the impact on user experience could be noticeable.

Generated by OpenCVE AI on April 13, 2026 at 13:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update systemd to a version that incorporates the fix
  • Edit /etc/systemd/journald.conf to set ForwardToWall=no and restart systemd-journald if a patch is not yet available
  • Verify that non‑privileged users cannot execute the "logger -p emerg" command on the system

Generated by OpenCVE AI on April 13, 2026 at 13:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Systemd Project
Systemd Project systemd
CPEs cpe:2.3:a:systemd_project:systemd:259:-:*:*:*:*:*:*
Vendors & Products Systemd Project
Systemd Project systemd

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Systemd
Systemd systemd
Vendors & Products Systemd
Systemd systemd

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title systemd: systemd-journald: Unintended output to user terminals via logger command
Weaknesses CWE-117
References
Metrics threat_severity

None

 threat_severity

Low

Fri, 10 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
Weaknesses CWE-669
References
Metrics cvssV3_1

{'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Systemd Systemd
Systemd Project Systemd
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-10T17:27:22.882Z

Reserved: 2026-04-10T15:48:43.773Z

Link: CVE-2026-40228

cve-icon Vulnrichment

Updated: 2026-04-10T17:27:12.048Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T16:16:33.753

Modified: 2026-04-17T22:00:53.883

Link: CVE-2026-40228

cve-icon Redhat

Severity : Low

Publid Date: 2026-04-10T15:48:44Z

Links: CVE-2026-40228 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:27:06Z

Weaknesses