CVE-2026-4105

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-4105

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4105.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-4105

Aliases

GHSA-4h6x-r8vx-3862

Downstream

DEBIAN-CVE-2026-4105

ECHO-230a-8355-8606

OESA-2026-1910

OESA-2026-1911

OESA-2026-1912

OESA-2026-1913

OESA-2026-1914

OESA-2026-1915

ROOT-OS-DEBIAN-12-CVE-2026-4105

ROOT-OS-DEBIAN-13-CVE-2026-4105

SUSE-SU-2026:0990-1

SUSE-SU-2026:0991-1

SUSE-SU-2026:1040-1

SUSE-SU-2026:1061-1

SUSE-SU-2026:20822-1

SUSE-SU-2026:20826-1

SUSE-SU-2026:21003-1

UBUNTU-CVE-2026-4105

openSUSE-SU-2026:20471-1

Related

Published

2026-03-13T19:55:13.673Z

Modified

2026-04-14T18:29:30.323115160Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4105.json"