CVE-2026-4105

EUVD-2026-11774

13.03.2026, 19:55

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Debian Releases

Debian Product

Codename

systemd

bookworm	252.39-1~deb12u2 fixed
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	247.3-7+deb11u8 fixed
forky	260.1-1 fixed
sid	261~rc3-1 fixed
trixie	257.13-1~deb13u1 fixed

openSUSE / SLES Releases

openSUSE Product

Release

libsystemd0

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

libsystemd0-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

libsystemd0-32bit

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

libsystemd0-32bit-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

libudev-devel-228

suse enterprise server 12 SP5

157.75.1

fixed

libudev1

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

libudev1-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

libudev1-32bit

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

libudev1-32bit-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

systemd

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

systemd-32bit

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-32bit-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

systemd-bash-completion-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

systemd-container

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-coredump

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-devel

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-devel-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

systemd-doc

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-journal-remote

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-lang

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-resolved

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-sysvcompat

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

systemd-sysvinit

suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed

systemd-sysvinit-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

udev

suse enterprise desktop 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise sap 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise sap 15 SP7	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP4	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP5	249.17-150400.8.55.1 fixed
suse enterprise server 15 SP6	254.27-150600.4.62.1 fixed
suse enterprise server 15 SP7	254.27-150600.4.62.1 fixed

udev-228

suse enterprise server 12 SP3	150.114.1 fixed
suse enterprise server 12 SP5	157.75.1 fixed

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://access.redhat.com/errata/RHSA-2026:7299

https://access.redhat.com/security/cve/CVE-2026-4105

https://bugzilla.redhat.com/show_bug.cgi?id=2447262

https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862