CVE-2026-25828
Published: 12 February 2026
Summary
CVE-2026-25828 is a medium-severity OS Command Injection (CWE-78) vulnerability in Arch Linux (inferred from references). Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); the CVE ranks in the top 32.7% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7371
Vulnerability details
grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device(). NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific implementation details within resolve_device."
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CWE-78 OS command injection in grub-btrfs directly enables Unix shell command execution (T1059.004) and local privilege escalation via software exploitation (T1068).
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.