CVE-2026-40226: Medium severity systemd systemd vulnerability
Published Apr 10, 2026
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Affected Software
6 affected components
systemd systemd: >=233, <=259
Systemd Project Systemd: >=233, <257.12
Systemd Project Systemd: >=258, <258.6
Systemd Project Systemd: >=259, <259.4
Microsoft azl3 systemd 255-27
debian/systemd: <=247.3-7+deb11u5, <=252.38-1~deb12u1
Fixes available: 247.3-7+deb11u8, 252.39-1~deb12u2, 257.13-1~deb13u1, 260.1-1, 261~rc3-1
Event History
Apr 10, 2026
CVE Published via MITRE · 03:18 PM
Data Sourced via MITRE · 03:18 PM: Description, Severity, Weakness
Data Sourced via NVD · 04:16 PM: Description, Severity, Weakness, Affected Software
Apr 12, 2026
Data Sourced via Microsoft · 08:01 AM: Description, Severity, Weakness, Affected Software
Updated via Microsoft · 08:01 AM: Affected Software
Updated via Microsoft · 08:01 AM: Description, Severity
Jun 8, 2026
Data Sourced via Debian · 04:05 PM: Description, Affected Software
Data Sourced via Launchpad · 04:05 PM: Description
Jun 9, 2026
Data Sourced via Ubuntu · 04:04 PM: Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2026-40226?
CVE-2026-40226 is considered a high severity vulnerability due to the potential for an escape-to-host action.
2. How do I fix CVE-2026-40226?
To mitigate CVE-2026-40226, update systemd to version 260 or later.
3. What versions of systemd are affected by CVE-2026-40226?
CVE-2026-40226 affects systemd versions 233 through 259.
4. What impact does CVE-2026-40226 have on system security?
CVE-2026-40226 can allow unauthorized access to the host system, compromising its security.
5. Is CVE-2026-40226 exploitable remotely?
Yes, CVE-2026-40226 can be exploited remotely if proper safeguards are not in place.