Medium severity6.7NVD Advisory· Published Apr 10, 2026· Updated Apr 27, 2026
CVE-2026-40224
CVE-2026-40224
Description
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*range: >=259,<259.3
- (no CPE)range: >=259, <260
- osv-coords15 versionspkg:apk/chainguard/libsystemdpkg:apk/chainguard/libsystemd-compression-libspkg:apk/chainguard/libsystemd-sharedpkg:apk/chainguard/libudevpkg:apk/chainguard/systemdpkg:apk/chainguard/systemd-bootpkg:apk/chainguard/systemd-systemctlpkg:apk/wolfi/libsystemdpkg:apk/wolfi/libsystemd-compression-libspkg:apk/wolfi/libsystemd-sharedpkg:apk/wolfi/libudevpkg:apk/wolfi/systemdpkg:apk/wolfi/systemd-bootpkg:apk/wolfi/systemd-systemctlpkg:rpm/opensuse/systemd&distro=openSUSE%20Tumbleweed
< 259.3-r0+ 14 more
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 259.3-r0
- (no CPE)range: < 260.1-2.1
Patches
Vulnerability mechanics
References
1- github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6mnvdVendor Advisory
News mentions
0No linked articles in our index yet.