CVE-2026-40223: Medium severity systemd systemd vulnerability
Published Apr 10, 2026
·Updated
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
Affected Software
2 affected components
systemd systemd>=258<260
Systemd Project Systemd>=258<260
Event History
Apr 10, 2026
CVE Published
via MITRE·03:10 PM
Data Sourced
via MITRE·03:10 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-40223?
CVE-2026-40223 is classified as a medium severity vulnerability due to its potential impact on system stability.
2
How do I fix CVE-2026-40223?
To mitigate CVE-2026-40223, update systemd to version 260 or later, where the vulnerability has been addressed.
3
Who is affected by CVE-2026-40223?
CVE-2026-40223 affects systems running systemd versions between 258 and 260 that have units with Delegate=yes and User unset.
4
What can happen if CVE-2026-40223 is exploited?
If exploited, CVE-2026-40223 can cause an assert failure, potentially leading to system instability for affected systemd services.
5
Is CVE-2026-40223 a remote code execution vulnerability?
No, CVE-2026-40223 is not a remote code execution vulnerability; it is triggered locally by an unprivileged user.