CVE-2026-40226

Summary

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Affected Software

VendorProductVersion RangeStatus
systemdsystemd233 < 260affected

Weaknesses

  • CWE-348: CWE-348 Use of Less Trusted Source

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References