systemd up to 260 IPC API Call comparison using wrong factors
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 2.40- |
Summary
A vulnerability was found in systemd up to 260. It has been classified as problematic. This affects an unknown function of the component IPC API Call Handler. The manipulation leads to comparison using wrong factors. This vulnerability is uniquely identified as CVE-2026-40227. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability was found in systemd up to 260 and classified as problematic. This issue affects an unknown code block of the component IPC API Call Handler. The manipulation with an unknown input leads to a comparison using wrong factors vulnerability. Using CWE to declare the problem leads to CWE-1025. The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses. Impacted is availability. The summary by CVE is:
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
The advisory is shared at github.com. The identification of this vulnerability is CVE-2026-40227 since 04/10/2026. The exploitation is known to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available.
Upgrading to version 261 eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Name
Version
License
Website
- Product: https://github.com/systemd/systemd/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.8VulDB Meta Temp Score: 5.7
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.2
CNA Vector (MITRE): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Comparison using wrong factorsCWE: CWE-1025
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: systemd 261
Timeline
04/10/2026 Advisory disclosed04/10/2026 CVE reserved
04/10/2026 VulDB entry created
04/10/2026 VulDB entry last update
Sources
Product: github.comAdvisory: github.com
Status: Confirmed
CVE: CVE-2026-40227 (🔒)
GCVE (CVE): GCVE-0-2026-40227
GCVE (VulDB): GCVE-100-356837
Entry
Created: 04/10/2026 17:53Changes: 04/10/2026 17:53 (62)
Complete: 🔍
Cache ID: 216:73F:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.