systemd

Top products

The 11 most recently published vulnerabilities affecting systemd.

• CVE-2026-40228In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.2.9Apr 10, 2026
• CVE-2026-40227In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.6.2Apr 10, 2026
• CVE-2026-40226In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.6.4Apr 10, 2026
• CVE-2026-40225In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.6.4Apr 10, 2026
• CVE-2026-40224In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.6.7Apr 10, 2026
• CVE-2026-40223In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.4.7Apr 10, 2026
• CVE-2026-29111systemd: Local unprivileged user can trigger an assert5.5Mar 23, 2026
• CVE-2012-1101systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).5.5Mar 11, 2020
• CVE-2018-15687systemd: chown_one() can dereference symlinks7.0Oct 26, 2018
• CVE-2018-15688Out-of-Bounds write in systemd-networkd dhcpv6 option handling8.8Oct 26, 2018
• CVE-2018-15686systemd: reexec state injection: fgets() on overlong lines leads to line splitting7.8Oct 26, 2018