CVE-2026-40226 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.4 MEDIUM	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
systemd_project	systemd	233 ≤ 𝑥 < 257.12
systemd_project	systemd	258 ≤ 𝑥 < 258.6
systemd_project	systemd	259 ≤ 𝑥 < 259.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

systemd

bookworm	252.39-1~deb12u2 fixed
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	247.3-7+deb11u8 fixed
forky	260.1-1 fixed
sid	261~rc1-1 fixed
trixie	257.13-1~deb13u1 fixed

Common Weakness Enumeration

CWE-348 - Use of Less Trusted Source
The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

References

https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx