DEBIAN-CVE-2026-40226
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-40226
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-40226.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-40226
- Upstream
- Published
- 2026-04-10T16:16:33.447Z
- Modified
- 2026-05-16T14:00:58.861902940Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
- References
Affected packages
Debian:11 / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/debian/systemd?arch=source&distro=bullseye
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed247.3-7+deb11u8
Debian:12 / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/debian/systemd?arch=source&distro=bookworm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed252.39-1~deb12u2
Affected versions
252.*
252.6-1
252.6-1+loong64
252.11-1~deb12u1
252.11-1
252.12-1~deb12u1
252.14-1~deb12u1
252.16-1~deb12u1
252.17-1~deb12u1
252.18-1~deb12u1
252.19-1~deb12u1
252.20-1~deb12u1
252.21-1~deb12u1
252.22-1~deb12u1
252.23-1~deb12u1
252.24-1~deb12u1
252.25-1~deb12u1
252.26-1~deb12u1
252.26-1~deb12u2~bpo11+1
252.26-1~deb12u2
252.27-1~deb12u1
252.28-1~deb12u1
252.29-1~deb12u1~bpo11+1
252.29-1~deb12u1
252.30-1~deb12u1
252.30-1~deb12u2
252.31-1~deb12u1
252.32-1~deb12u1
252.33-1~deb12u1
252.36-1~deb12u1
252.38-1~deb12u1
252.39-1~deb12u1
Debian:13 / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/debian/systemd?arch=source&distro=trixie
Debian:14 / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/debian/systemd?arch=source&distro=forky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed260~rc3-1