Medium severity6.4NVD Advisory· Published Apr 10, 2026· Updated Apr 17, 2026
CVE-2026-40226
CVE-2026-40226
Description
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*range: >=233,<257.12
- (no CPE)range: >=233 <=259
- osv-coords2 versions
< 2026.05.06_git20260429-r0+ 1 more
- (no CPE)range: < 2026.05.06_git20260429-r0
- (no CPE)range: < 2026.05.06_git20260429-r0
Patches
Vulnerability mechanics
References
1- github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcxnvdVendor Advisory
News mentions
1- Debian 13.5 point release lands with security fixes, bug patchesHelp Net Security · May 17, 2026