Medium severity6.4NVD Advisory· Published Apr 10, 2026· Updated Apr 27, 2026
CVE-2026-40225
CVE-2026-40225
Description
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <260
- osv-coords2 versions
< 2026.05.06_git20260429-r0+ 1 more
- (no CPE)range: < 2026.05.06_git20260429-r0
- (no CPE)range: < 2026.05.06_git20260429-r0
Patches
Vulnerability mechanics
References
1- github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqxnvdVendor Advisory
News mentions
1- Debian 13.5 point release lands with security fixes, bug patchesHelp Net Security · May 17, 2026