Linux Distros Unpatched Vulnerability : CVE-2026-40224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. CVE-2026-40224 Note...

Linux Distros Unpatched Vulnerability : CVE-2026-40227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. CVE-2026-40227 Note...

Photon OS 5.0: Systemd PHSA-2026-5.0-0819

An update of the systemd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0819. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

SUSE CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

SUSE CVE-2026-40228

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...

CLSA-2026-1776099155 systemd: Fix of 2 CVEs

CVE-2026-29111: validate input cgroup path in GetUnitByControlGroup to prevent PID 1 assert/freeze on spurious IPC API calls - CVE-2026-4105: reject invalid class types when registering machines in systemd-machined to prevent privilege escalation...

CVE-2026-40226

A flaw was found in nspawn, a container runtime environment within systemd. A local attacker or a process within an nspawn container could exploit this vulnerability by using a specially crafted optional configuration file. This could allow the attacker to escape the container's isolation and...

CVE-2026-40224

A flaw was found in systemd-machined, a component of systemd. A local attacker can exploit a vulnerability related to how varlink interacts with the root namespace. This can lead to local privilege escalation, allowing the attacker to gain elevated access on the system...

CVE-2026-40225

A flaw was found in udev in systemd. A local user with access to malicious hardware devices can exploit this vulnerability. By providing unsanitized kernel output, the flaw allows for local root execution, leading to privilege escalation...

CVE-2026-40228

A flaw was found in systemd-journald. When the ForwardToWall=yes configuration is enabled, a local user who executes a logger -p emerg command can cause systemd-journald to send ANSI escape sequences to the terminals of other arbitrary users. This can lead to unintended output appearing on user...

CVE-2026-40223

A flaw was found in systemd, a core component of Linux operating systems. A local user, without special privileges, can exploit this vulnerability. By manipulating a specific systemd unit configuration where delegation is enabled and the user is not set, the user can trigger an internal error,...

Important Photon OS Security Update - PHSA-2026-5.0-0819

Updates of 'squid', 'systemd' packages of Photon OS have been released...

SUSE CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

...

SUSE CVE-2026-40225

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...

SUSE CVE-2026-40226

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...

[SECURITY] [DLA 4527-1] inetutils security update

Debian LTS Advisory DLA-4527-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson April 11, 2026 https://wiki.debian.org/LTS Package : inetutils Version : 2:2.0-1+deb11u4 CVE ID : CVE-2026-28372 CVE-2026-32746 CVE-2026-32772 Debian Bug : 1130741 1130742 Several...

nginx:1.26 security update

2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...

CVE-2026-40227

A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with a specially crafted array or map containing a null element. This can trigger an assert, leading to a Denial of Service DoS condition, which makes the...