Systemd CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-29111	2 Systemd, Systemd Project	2 Systemd, Systemd	2026-04-15	5.5 Medium
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.
CVE-2026-40227	2 Systemd, Systemd Project	2 Systemd, Systemd	2026-04-15	6.2 Medium
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
CVE-2026-40223	1 Systemd	1 Systemd	2026-04-15	4.7 Medium
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
CVE-2026-40224	1 Systemd	1 Systemd	2026-04-14	6.7 Medium
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
CVE-2026-40225	1 Systemd	1 Systemd	2026-04-14	6.4 Medium
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
CVE-2026-40226	1 Systemd	1 Systemd	2026-04-14	6.4 Medium
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
CVE-2026-40228	1 Systemd	1 Systemd	2026-04-13	2.9 Low
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Page 1 of 1.