Medium severity6.2NVD Advisory· Published Apr 10, 2026· Updated Apr 14, 2026
CVE-2026-40227
CVE-2026-40227
Description
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
Affected products
1- cpe:2.3:a:systemd_project:systemd:260:-:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjqnvdVendor Advisory
News mentions
2- Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitiesCisco Talos Intelligence · May 14, 2026
- Siemens SIMATICCISA Alerts