CVE-2026-40225

| EUVD-2026-21399 MEDIUM
2026-04-10 mitre GHSA-396h-m3pm-fpm5
6.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 10, 2026 - 16:00 vuln.today
EUVD ID Assigned
Apr 10, 2026 - 16:00 euvd
EUVD-2026-21399
CVE Published
Apr 10, 2026 - 15:16 nvd
MEDIUM 6.4

Tags

Information Disclosure Systemd

Description

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Analysis

Local root code execution in systemd's udev subsystem before version 260 allows attackers with physical access to craft malicious hardware devices that exploit unsanitized kernel output, achieving privilege escalation from local user context to root. The attack requires physical device insertion but no user interaction; CVSS 6.4 reflects the physical attack vector constraint, though successful exploitation grants complete system compromise. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

32
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

Share

CVE-2026-40225 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy