Description
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.
Published: 2026-03-13
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A flaw in systemd allows a local, unprivileged user to register a machine with an invalid class value through the RegisterMachine D‑Bus method. Because the class parameter is not properly validated, the attacker can create a machine object that remains accessible. Based on the description, the attacker can then invoke privileged methods on that object, leading to execution of arbitrary commands with root privileges on the host system.

Affected Systems

The vulnerability affects Red Hat products that ship systemd, including Red Hat Enterprise Linux 7, 8, 9, and 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. No specific affected systemd releases are enumerated, so the issue applies to the default systemd packages supplied in these distributions.

Risk and Exploitability

The CVSS score of 6.7 indicates moderate severity, and the EPSS score of under 1 % suggests a low likelihood of exploitation. The attack requires local, non‑root user access and interaction with the D‑Bus interface; no publicly available exploit code has been documented, and the vulnerability is not listed in CISA's KEV catalog. The likely vector is local privilege escalation via the RegisterMachine method, after which the attacker achieves full system privileges.

Generated by OpenCVE AI on April 9, 2026 at 20:40 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update for systemd that addresses CVE‑2026‑4105, following the vendor's guidance for RHEL 7, 8, 9, 10, Hardened Images, and OpenShift 4.
  • No temporary workaround is available that meets Red Hat's criteria; therefore apply the patch as the sole mitigation strategy.
  • After applying the update, test that the RegisterMachine D‑Bus method rejects invalid class values from a non‑root account to confirm the vulnerability is remediated.

Generated by OpenCVE AI on April 9, 2026 at 20:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Container Platform
Vendors & Products Redhat openshift Container Platform

Fri, 13 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Fri, 13 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 13 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.
Title Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-284
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux Hummingbird Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-09T17:27:11.879Z

Reserved: 2026-03-13T08:24:25.873Z

Link: CVE-2026-4105

cve-icon Vulnrichment

Updated: 2026-03-13T16:03:11.191Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:13.673

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-4105

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-13T00:00:00Z

Links: CVE-2026-4105 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:46:30Z

Weaknesses