nspawn Escape-to-Host via Crafted Config File in systemd <260
CVE-2026-40226 Published on April 10, 2026

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

NVD

Vulnerability Analysis

CVE-2026-40226 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

Use of Less Trusted Source

The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.


Affected Versions

systemd: