Vulnerability Details CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 0.5%
CVSS Severity
CVSS v3 Score 4.7
Products affected by CVE-2026-40223
-
cpe:2.3:a:systemd_project:systemd:258
-
cpe:2.3:a:systemd_project:systemd:258.1
-
cpe:2.3:a:systemd_project:systemd:258.2
-
cpe:2.3:a:systemd_project:systemd:258.3
-
cpe:2.3:a:systemd_project:systemd:258.4
-
cpe:2.3:a:systemd_project:systemd:258.5
-
cpe:2.3:a:systemd_project:systemd:258.6
-
cpe:2.3:a:systemd_project:systemd:258.7
-
cpe:2.3:a:systemd_project:systemd:259
-
cpe:2.3:a:systemd_project:systemd:259.1
-
cpe:2.3:a:systemd_project:systemd:259.2
-
cpe:2.3:a:systemd_project:systemd:259.3
-
cpe:2.3:a:systemd_project:systemd:259.4
-
cpe:2.3:a:systemd_project:systemd:259.5