{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-40227", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-10T15:19:51.012Z", "datePublished": "2026-04-10T15:19:51.433Z", "dateUpdated": "2026-04-14T14:49:32.971Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "systemd", "vendor": "systemd", "versions": [{"lessThan": "261", "status": "affected", "version": "260", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1025", "description": "CWE-1025 Comparison Using Wrong Factors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-10T15:26:26.507Z"}, "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:49:13.131629Z", "id": "CVE-2026-40227", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:49:32.971Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40227", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T14:49:13.131629Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:49:27.413Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "systemd", "product": "systemd", "versions": [{"status": "affected", "version": "260", "lessThan": "261", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1025", "description": "CWE-1025 Comparison Using Wrong Factors"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-10T15:26:26.507Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40227", "state": "PUBLISHED", "dateUpdated": "2026-04-14T14:49:32.971Z", "dateReserved": "2026-04-10T15:19:51.012Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-10T15:19:51.433Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:260:-:*:*:*:*:*:*", "matchCriteriaId": "2CC53AC2-A12C-42A6-9165-E780FD9DC42D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element."}], "id": "CVE-2026-40227", "lastModified": "2026-04-14T19:41:59.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-10T16:16:33.607", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1025"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "systemd: systemd: Denial of Service via malicious IPC API call with null element", "id": "2457322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457322"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with a specially crafted array or map containing a null element. This can trigger an assert, leading to a Denial of Service (DoS) condition, which makes the system unavailable."], "name": "CVE-2026-40227", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rpm-ostree", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "systemd", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-10T15:19:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40227\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40227\nhttps://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq"], "statement": "A flaw in systemd allows a local unprivileged user to cause a Denial of Service by making a crafted Inter-Process Communication (IPC) API call. The issue is restricted to systemd v260 only, the systemd versions as shipped as with Red Hat products are not affected by this vulnerability as it doesn't ship the commit which introduced the vulnerability.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[260,261)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "systemd", "source": "cna", "vendor": "systemd"}, "product": "systemd", "vendor": "systemd"}], "analysis": {"en": {"generated_at": "2026-04-14T21:26:40.752032+00:00", "value": {"mitigation_remediation": ["Upgrade systemd to version\u202f261 or later using the supported package manager on your distribution.", "Verify that the installed package version is 261 or higher by checking the systemd package metadata.", "If an upgrade is not immediately available, mitigate potential service disruption by incorporating redundancy or monitoring for unexpected systemd restarts."], "summary": {"action": "Patch Now", "impact": "Denial of Service via local IPC misuse"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the systemd project\u2019s systemd package, versions 260 through 260.x but not 261 and later. Linux distributions shipping systemd 260 without the 261 update are vulnerable. Only the systemd daemon and its IPC interfaces are impacted.", "description_and_impact": "Local non\u2011privileged users can trigger an assertion failure in systemd by sending an IPC message that contains an array or map with a null element. The assertion causes systemd to terminate, resulting in a denial of service for the daemon and services that depend on it. The flaw is a null pointer dereference as indicated by the associated CWE identifiers.", "risk_and_exploitability": "The CVSS score of 6.2 indicates medium severity, while an EPSS score of less than 1\u202f% suggests a low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Attackers must have local access and be able to use the IPC API to send crafted messages to systemd; thus exploitation requires local, non\u2011privileged access and does not need elevated privileges."}}}}, "created": "2026-04-13T12:44:47.019897+00:00", "updated": "2026-04-15T16:00:07.793706+00:00", "vendors": ["systemd", "systemd$PRODUCT$systemd"]}