CVE-2026-40227

Summary

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

Affected Software

VendorProductVersion RangeStatus
systemdsystemd260 < 261affected

Weaknesses

  • CWE-1025: CWE-1025 Comparison Using Wrong Factors

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References