{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-40225", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-10T15:16:19.391Z", "datePublished": "2026-04-10T15:16:19.827Z", "dateUpdated": "2026-04-14T14:40:30.611Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "systemd", "vendor": "systemd", "versions": [{"lessThan": "260", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-10T15:33:39.797Z"}, "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:40:04.875187Z", "id": "CVE-2026-40225", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:40:30.611Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40225", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T14:40:04.875187Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:40:23.155Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "systemd", "product": "systemd", "versions": [{"status": "affected", "version": "0", "lessThan": "260", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-10T15:33:39.797Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40225", "state": "PUBLISHED", "dateUpdated": "2026-04-14T14:40:30.611Z", "dateReserved": "2026-04-10T15:16:19.391Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-10T15:16:19.827Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A2DC6B-8E0C-48FF-B902-E46957A06490", "versionEndExcluding": "257.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8904AE-67FB-4E18-968F-4F6ACCB4FE4D", "versionEndExcluding": "258.7", "versionStartIncluding": "258", "vulnerable": true}, {"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "480B9759-F527-4BFB-9502-F8E4135EBAF9", "versionEndExcluding": "259.5", "versionStartIncluding": "259", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output."}], "id": "CVE-2026-40225", "lastModified": "2026-04-27T19:00:02.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-10T16:16:33.287", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output", "id": "2457324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457324"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-250", "details": ["A flaw was found in udev in systemd. A local user with access to malicious hardware devices can exploit this vulnerability. By providing unsanitized kernel output, the flaw allows for local root execution, leading to privilege escalation."], "name": "CVE-2026-40225", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rpm-ostree", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-10T15:16:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40225\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40225\nhttps://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,260)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "systemd", "source": "cna", "vendor": "systemd"}, "product": "systemd", "vendor": "systemd"}], "analysis": {"en": {"generated_at": "2026-04-14T01:41:49.624721+00:00", "value": {"mitigation_remediation": ["Upgrade systemd to version 260 or later.", "Verify that the systemd binary is at the updated version using \"systemctl --version\".", "If upgrade is not immediately possible, restrict physical access to trusted personnel and disable unnecessary udev rules until patch deployment completes."], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All installations of systemd older than version 260 are vulnerable. System administrators should verify the current systemd version on their hosts and confirm whether it falls below the recommended release before applying a fix.", "description_and_impact": "Udev in systemd versions prior to 260 allows a local attacker to elevate privileges to root by exploiting malicious hardware devices and unsanitized kernel output. The flaw is based on improper handling of device creation events, leading to execution of code with system-level privileges. The weakness is classified under CWE\u2011250 and CWE\u2011669, indicating that a vulnerability in giving insufficient root privileges and unsafe handling of user data can cause unintended privilege escalation.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further indicating limited exploitation activity. Based on the description, the likely attack vector is a local attacker with physical or administrative access who can attach a malicious hardware device, allowing the attacker to trigger the kernel output handling path. An exploit would result in root escalation, compromising system confidentiality, integrity, and availability."}}}}, "created": "2026-04-13T12:44:48.978115+00:00", "updated": "2026-04-14T16:36:29.137888+00:00", "vendors": ["systemd", "systemd$PRODUCT$systemd"]}