CVE-2026-40225 MEDIUM

CVE-2026-40225

Vendor Systemd
Product systemd
Weakness CWE-669
Published April 10, 2026
Last update April 14, 2026

CVSS base score

6.4/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Key dates

02Disclosure timeline

April 10, 2026 CVE published
April 14, 2026 Record updated