CVE-2026-40227: Medium severity systemd systemd vulnerability

Q: What is the severity of CVE-2026-40227?

CVE-2026-40227 is considered a high severity vulnerability due to its potential to allow a local unprivileged user to trigger an assert in the system.

Q: How do I fix CVE-2026-40227?

To fix CVE-2026-40227, you should upgrade systemd to version 261 or later.

Q: What versions of systemd are affected by CVE-2026-40227?

CVE-2026-40227 affects systemd versions 260 and below.

Q: What type of vulnerability is CVE-2026-40227?

CVE-2026-40227 is a local privilege escalation vulnerability resulting from improper handling of null elements in the IPC API.

Q: Who can exploit CVE-2026-40227?

CVE-2026-40227 can be exploited by any local unprivileged user.

Published Apr 10, 2026

Updated

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

Affected Software

2 affected components

systemd systemd>=260<261

Systemd Project Systemd=260

Event History

Apr 10, 2026

CVE Published

via MITRE·03:19 PM

Data Sourced

via MITRE·03:19 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·04:16 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-40227?

CVE-2026-40227 is considered a high severity vulnerability due to its potential to allow a local unprivileged user to trigger an assert in the system.

How do I fix CVE-2026-40227?

To fix CVE-2026-40227, you should upgrade systemd to version 261 or later.

What versions of systemd are affected by CVE-2026-40227?

CVE-2026-40227 affects systemd versions 260 and below.

What type of vulnerability is CVE-2026-40227?

CVE-2026-40227 is a local privilege escalation vulnerability resulting from improper handling of null elements in the IPC API.

Who can exploit CVE-2026-40227?