CVE-2026-40223

Summary

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

Affected Software

VendorProductVersion RangeStatus
systemdsystemd258 < 260affected

Weaknesses

  • CWE-696: CWE-696 Incorrect Behavior Order

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References