CVE-2026-40225: Medium severity systemd udev (systemd) vulnerability
Published Apr 10, 2026
·Updated
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Affected Software
5 affected componentsFixes available
systemd udev (systemd)<260
Systemd Project Systemd<257.13
Systemd Project Systemd>=258<258.7
Systemd Project Systemd>=259<259.5
Microsoft azl3 systemd 255-27
Event History
Apr 10, 2026
CVE Published
via MITRE·03:16 PM
Data Sourced
via MITRE·03:16 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeaknessAffected Software
Apr 29, 2026
Data Sourced
via Microsoft·08:06 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·08:06 AM
Affected Software
Updated
via Microsoft·08:06 AM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2026-40225?
CVE-2026-40225 is considered a high-severity vulnerability due to the potential for local root execution.
2
How do I fix CVE-2026-40225?
To mitigate CVE-2026-40225, update udev in systemd to version 260 or later.
3
Who is affected by CVE-2026-40225?
CVE-2026-40225 affects all versions of udev in systemd prior to 260.
4
What type of vulnerability is CVE-2026-40225?
CVE-2026-40225 is a local privilege escalation vulnerability that can be exploited through malicious hardware devices.
5
What can be exploited in CVE-2026-40225?
CVE-2026-40225 can be exploited through unsanitized kernel output, allowing unauthorized local root access.