{"url":"http://public2.vulnerablecode.io/api/packages/994543?format=json","purl":"pkg:deb/debian/systemd@260.1-1","type":"deb","namespace":"debian","name":"systemd","version":"260.1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351411?format=json","vulnerability_id":"VCID-4eyp-2xve-qugd","summary":"In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40226.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40226","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00374","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00379","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00375","published_at":"2026-04-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00707","published_at":"2026-04-18T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00701","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00988","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00996","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00991","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40226"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457326","reference_id":"2457326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457326"},{"reference_url":"https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx","reference_id":"GHSA-9mj4-rrc3-gjcx","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T14:47:51Z/"}],"url":"https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7299","reference_id":"RHSA-2026:7299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7299"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994540?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4eyp-2xve-qugd"},{"vulnerability":"VCID-4n47-ffax-sbdu"},{"vulnerability":"VCID-fp54-ff23-vbb5"},{"vulnerability":"VCID-hwg6-vaus-cfa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089422?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994541?format=json","purl":"pkg:deb/debian/systemd@254.26-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@254.26-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089423?format=json","purl":"pkg:deb/debian/systemd@257.13-1~deb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@257.13-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994543?format=json","purl":"pkg:deb/debian/systemd@260.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@260.1-1"}],"aliases":["CVE-2026-40226"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4eyp-2xve-qugd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64284?format=json","vulnerability_id":"VCID-4n47-ffax-sbdu","summary":"systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4105.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4105.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4105","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01687","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01701","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01696","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04876","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04955","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04936","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04921","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05777","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0577","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4105"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447262","reference_id":"2447262","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:03:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447262"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4105","reference_id":"CVE-2026-4105","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:03:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4105"},{"reference_url":"https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862","reference_id":"GHSA-4h6x-r8vx-3862","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:03:09Z/"}],"url":"https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7299","reference_id":"RHSA-2026:7299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7299"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994540?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4eyp-2xve-qugd"},{"vulnerability":"VCID-4n47-ffax-sbdu"},{"vulnerability":"VCID-fp54-ff23-vbb5"},{"vulnerability":"VCID-hwg6-vaus-cfa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089422?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994541?format=json","purl":"pkg:deb/debian/systemd@254.26-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@254.26-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089423?format=json","purl":"pkg:deb/debian/systemd@257.13-1~deb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@257.13-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994543?format=json","purl":"pkg:deb/debian/systemd@260.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@260.1-1"}],"aliases":["CVE-2026-4105"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4n47-ffax-sbdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64123?format=json","vulnerability_id":"VCID-fp54-ff23-vbb5","summary":"systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29111.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29111","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01349","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01355","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01365","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04372","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05548","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05547","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a","reference_id":"1d22f706bd04f45f8422e17fbde3f56ece17758a","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"},{"reference_url":"https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6","reference_id":"20021e7686426052e3a7505425d7e12085feb2a6","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"},{"reference_url":"https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412","reference_id":"21167006574d6b83813c7596759b474f56562412","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450505","reference_id":"2450505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450505"},{"reference_url":"https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd","reference_id":"3cee294fe8cf4fa0eff933ab21416d099942cabd","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"},{"reference_url":"https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f","reference_id":"42aee39107fbdd7db1ccd402a2151822b2805e9f","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"},{"reference_url":"https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f","reference_id":"54588d2dedff54bfb6036670820650e4ea74628f","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"},{"reference_url":"https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69","reference_id":"7ac3220213690e8a8d6d2a6e81e43bd1dce01d69","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"},{"reference_url":"https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6","reference_id":"80acea4ef80a4bb78560ed970c34952299b890d6","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"},{"reference_url":"https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c","reference_id":"b5fd14693057e5f2c9b4a49603be64ec3608ff6c","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"},{"reference_url":"https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8","reference_id":"efa6ba2ab625aaa160ac435a09e6482fc63bdbe8","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"},{"reference_url":"https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764","reference_id":"GHSA-gx6q-6f99-m764","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:12:36Z/"}],"url":"https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7299","reference_id":"RHSA-2026:7299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7299"},{"reference_url":"https://usn.ubuntu.com/8119-1/","reference_id":"USN-8119-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8119-1/"},{"reference_url":"https://usn.ubuntu.com/8119-2/","reference_id":"USN-8119-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8119-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994540?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4eyp-2xve-qugd"},{"vulnerability":"VCID-4n47-ffax-sbdu"},{"vulnerability":"VCID-fp54-ff23-vbb5"},{"vulnerability":"VCID-hwg6-vaus-cfa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089422?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994541?format=json","purl":"pkg:deb/debian/systemd@254.26-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@254.26-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089423?format=json","purl":"pkg:deb/debian/systemd@257.13-1~deb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@257.13-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994543?format=json","purl":"pkg:deb/debian/systemd@260.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@260.1-1"}],"aliases":["CVE-2026-29111"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fp54-ff23-vbb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351410?format=json","vulnerability_id":"VCID-hwg6-vaus-cfa2","summary":"In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40225.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40225","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05219","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05206","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07037","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07055","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12316","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12459","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12427","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12457","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40225"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457324","reference_id":"2457324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457324"},{"reference_url":"https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx","reference_id":"GHSA-vpfq-8p5f-jcqx","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:40:04Z/"}],"url":"https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7299","reference_id":"RHSA-2026:7299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7299"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994540?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4eyp-2xve-qugd"},{"vulnerability":"VCID-4n47-ffax-sbdu"},{"vulnerability":"VCID-fp54-ff23-vbb5"},{"vulnerability":"VCID-hwg6-vaus-cfa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089422?format=json","purl":"pkg:deb/debian/systemd@252.39-1~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@252.39-1~deb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994541?format=json","purl":"pkg:deb/debian/systemd@254.26-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@254.26-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089423?format=json","purl":"pkg:deb/debian/systemd@257.13-1~deb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@257.13-1~deb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994543?format=json","purl":"pkg:deb/debian/systemd@260.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@260.1-1"}],"aliases":["CVE-2026-40225"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwg6-vaus-cfa2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/systemd@260.1-1"}