Skip to main content

Red Hat CVE-2026-40227

| EUVDEUVD-2026-21402 MEDIUM
Comparison Using Wrong Factors (CWE-1025)
2026-04-10 mitre GHSA-x53v-pxf5-chx6
6.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
261
EUVD ID Assigned
Apr 10, 2026 - 16:00 euvd
EUVD-2026-21402
Analysis Generated
Apr 10, 2026 - 16:00 vuln.today
CVE Published
Apr 10, 2026 - 15:19 nvd
MEDIUM 6.2

DescriptionCVE.org

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

AnalysisAI

Denial of service in systemd 260 allows local unprivileged users to crash the systemd daemon by triggering an assert via IPC API calls containing arrays or maps with null elements. The vulnerability affects systemd versions 260 through 260, with no public exploit code identified at time of analysis. EPSS score of 6.2 reflects moderate real-world risk due to local-only attack vector and non-privileged requirements.

Technical ContextAI

The vulnerability exists in systemd's IPC (inter-process communication) API message parsing logic, specifically in handling of structured data types (arrays and maps) that contain null elements. The root cause is classified as CWE-1025 (Comparison Using Wrong Factors), indicating improper validation or comparison logic when processing array or map elements during deserialization. This allows specially crafted IPC messages to bypass input validation and trigger an assert statement in the systemd daemon process, which crashes the service. The affected product is the systemd system and service manager (CPE: cpe:2.3:a:systemd:systemd:*:*:*:*:*:*:*:*), which handles critical system initialization, logging, and process management on Linux systems.

RemediationAI

Upgrade systemd to version 261 or later to resolve this vulnerability. Users of systemd 260 should prioritize this patch as it addresses a locally-triggerable denial-of-service condition. Most Linux distributions provide systemd updates through standard package managers; check your distribution's security advisory for release timeline and availability. For environments unable to update immediately, restrict local system access to trusted users only and monitor system logs for unexpected systemd restarts or crashes. Consult the vendor advisory at https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq for distribution-specific guidance.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed
SLES15-SP6-CHOST-BYOS-Azure Fixed
SLES15-SP6-CHOST-BYOS-EC2 Fixed

Share

CVE-2026-40227 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy