๐Ÿ” CVE Alert

CVE-2026-4105

MEDIUM 6.7

Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

CVSS Score
6.7
EPSS Score
0.0%
EPSS Percentile
5th

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

CWE CWE-284
Vendor red hat
Product red hat enterprise linux 10
Published Mar 13, 2026
Last Updated Apr 9, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat enterprise linux 10

Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 10 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Hardened Images
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-4105 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2447262 github.com: https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862

Credits

Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue.