CVE-2026-40224: High severity systemd systemd-machined vulnerability

Q: What is the severity of CVE-2026-40224?

CVE-2026-40224 has been classified as a high severity vulnerability due to its potential for local privilege escalation.

Q: How do I fix CVE-2026-40224?

To mitigate CVE-2026-40224, upgrade systemd or systemd-machined to version 260 or later.

Q: What type of vulnerability is CVE-2026-40224?

CVE-2026-40224 is a local privilege escalation vulnerability affecting systemd-machined.

Q: Which versions of systemd are affected by CVE-2026-40224?

CVE-2026-40224 affects systemd versions prior to 260.

Q: Can CVE-2026-40224 be exploited remotely?

No, CVE-2026-40224 requires local access to exploit.

Published Apr 10, 2026

Updated

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

Affected Software

2 affected components

systemd systemd-machined<260

Systemd Project Systemd>=259<259.3

Event History

Apr 10, 2026

CVE Published

via MITRE·03:14 PM

Data Sourced

via MITRE·03:14 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:16 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-40224?

CVE-2026-40224 has been classified as a high severity vulnerability due to its potential for local privilege escalation.

How do I fix CVE-2026-40224?

To mitigate CVE-2026-40224, upgrade systemd or systemd-machined to version 260 or later.

What type of vulnerability is CVE-2026-40224?

CVE-2026-40224 is a local privilege escalation vulnerability affecting systemd-machined.

Which versions of systemd are affected by CVE-2026-40224?

CVE-2026-40224 affects systemd versions prior to 260.

Can CVE-2026-40224 be exploited remotely?