CVE-2026-40226: In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Overview

Severity
Medium (CVSS 6.4)
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit Status
Not Exploited
Patch Tuesday
2026-Apr
Released
2026-04-12
Last Updated
2026-06-03
EPSS Score
0.07% (percentile: 0.1%)

Affected Products (4)

Open Source Software

  • azl3 systemd 255-26 on Azure Linux 3.0
  • cbl2 systemd 250.3-24 on CBL Mariner 2.0
  • azl3 systemd 255-27 on Azure Linux 3.0

Other

  • 21393-17084

Revision History

  • 2026-04-12: Information published.
  • 2026-04-13: Information published.
  • 2026-04-29: Information published.
  • 2026-05-27: Information published.
  • 2026-06-03: Information published.