CVE-2026-40224
Published: 10 April 2026
Summary
CVE-2026-40224 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in systemd (vendor: Systemd Project). Its CVSS v3.1 base score is 6.7 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its exploit-likelihood score ranks at the 2.7th percentile, well below the median, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-40224 is a local privilege escalation vulnerability in systemd-machined. The CVE text gives the affected range as systemd 259 before 260, i.e. the 259 series is affected and the fix ships in 260. The flaw is that machined's varlink interface can be used to reach the root namespace without the authorization that should gate such access, hence the CWE-863 (Incorrect Authorization) classification. Published on 2026-04-10, it carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
A local attacker with low privileges (PR:L) exploits this by talking to systemd-machined over varlink. The vector requires local access (AV:L), high attack complexity (AC:H), and user interaction (UI:R), with unchanged scope (S:U): the attacker stays within the host's own security scope but gains high impact on confidentiality, integrity, and availability, that is, escalates privileges on the host. The AC:H and UI:R components are why the score lands at Medium despite the full C/I/A impact; they do not reduce what an attacker obtains once the conditions are met.
The systemd security advisory at https://github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6m provides details on the vulnerability. The fix is in systemd 260; upgrade to 260 or later. Note that distributions sometimes backport a fix into an existing package while keeping the 259 version string, so on distro-packaged systems confirm the status against the distribution's own advisory rather than relying on the upstream version number alone.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21396
Vulnerability details
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
- CWE(s): CWE-863 (Incorrect Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques: T1068 (Exploitation for Privilege Escalation)
Why these techniques?
The vulnerability is explicitly a local privilege escalation in systemd-machined, caused by incorrect authorization when varlink is used to reach the root namespace; that maps directly to Exploitation for Privilege Escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates the privilege escalation vulnerability by requiring timely remediation, i.e. upgrading systemd from 259 to 260 or later.
- RA-5 (Vulnerability Monitoring and Scanning): Identifies the presence of the vulnerable systemd-machined component via vulnerability scanning, enabling proactive patching.
- AC-6 (Least Privilege): Limits the potential impact of local privilege escalation from low-privilege users by enforcing least privilege on system processes and accounts.
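The upgrade guidance in the deeper analysis and the scanning control above both reduce to one practical check: is this host running the systemd 259 series, and is systemd-machined in use? The script below is an added example, not code from the advisory or the systemd project. It assumes only that the first line of `systemctl --version` has the form `systemd NNN (...)`, which is the format the tool prints today, and it encodes the affected range exactly as the CVE text states it (259 affected, 260 and later fixed); versions below 259 are reported as outside the stated range rather than as safe, since the page gives no information about them.

```shell
#!/bin/sh
# Added example (not from the advisory or the systemd project): classify a
# host's systemd version against the CVE-2026-40224 affected range.

# Extract the major version number from the first line of `systemctl --version`,
# e.g. "systemd 259 (259.1-1)" -> 259. Prints nothing if the line does not parse.
systemd_major() {
    printf '%s\n' "$1" | sed -n 's/^systemd \([0-9][0-9]*\).*/\1/p'
}

# Map a major version to a status for this CVE, using only the range the CVE
# text gives ("259 before 260"): prints affected, fixed, not-in-affected-range,
# or unknown when the input is not a plain integer.
cve_2026_40224_status() {
    major="$1"
    case "$major" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$major" -ge 260 ]; then
        echo "fixed"
    elif [ "$major" -eq 259 ]; then
        echo "affected"
    else
        # Below the range the CVE names. Not asserted safe: the page only
        # speaks about 259, so report it separately for a human to review.
        echo "not-in-affected-range"
    fi
}

# Run the check on the local host. Exit 0 only when the version is reported
# fixed; anything else (affected, unparseable, out of range) is non-zero so
# the script can feed a scanner or a CI gate. Also reports whether the
# systemd-machined service is currently running, since the flaw is in that
# component; a distro backport may keep the 259 version string, so confirm
# an "affected" result against the distribution's advisory before acting.
check_host() {
    line="$(systemctl --version 2>/dev/null | head -n 1)"
    major="$(systemd_major "$line")"
    status="$(cve_2026_40224_status "$major")"
    machined="$(systemctl is-active systemd-machined.service 2>/dev/null || true)"
    echo "systemd major version: ${major:-unparsed}"
    echo "CVE-2026-40224 status: $status"
    echo "systemd-machined.service: ${machined:-unknown}"
    [ "$status" = "fixed" ]
}

# Only touch the live host when asked: `sh check.sh --host`.
case "${1:-}" in
    --host) check_host ;;
esac
```

The exit code is deliberately strict: an unparseable version string fails rather than passes, so a host where `systemctl` is missing or prints something unexpected shows up for review instead of silently counting as patched.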