DEBIAN-CVE-2026-4105

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-4105

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4105.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-4105

Upstream

CVE-2026-4105

Published

2026-03-13T19:55:13.673Z

Modified

2026-04-15T06:00:16.743391Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

References

https://security-tracker.debian.org/tracker/CVE-2026-4105

Affected packages

Debian:11 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

247.3-7+deb11u8

Affected versions

247.*

247.3-6

247.3-7

247.3-7+deb11u1

247.3-7+deb11u2

247.3-7+deb11u3

247.3-7+deb11u4

247.3-7+deb11u5

247.3-7+deb11u6

247.3-7+deb11u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4105.json"

Debian:12 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

252.*

252.6-1

252.6-1+loong64

252.11-1~deb12u1

252.11-1

252.12-1~deb12u1

252.14-1~deb12u1

252.16-1~deb12u1

252.17-1~deb12u1

252.18-1~deb12u1

252.19-1~deb12u1

252.20-1~deb12u1

252.21-1~deb12u1

252.22-1~deb12u1

252.23-1~deb12u1

252.24-1~deb12u1

252.25-1~deb12u1

252.26-1~deb12u1

252.26-1~deb12u2~bpo11+1

252.26-1~deb12u2

252.27-1~deb12u1

252.28-1~deb12u1

252.29-1~deb12u1~bpo11+1

252.29-1~deb12u1

252.30-1~deb12u1

252.30-1~deb12u2

252.31-1~deb12u1

252.32-1~deb12u1

252.33-1~deb12u1

252.36-1~deb12u1

252.38-1~deb12u1

252.39-1~deb12u1

Other

253~rc2-1

253~rc3-1

253-1

253-2

253-3

253-4

254~rc1-1

254~rc1-2

254~rc1-3

254~rc1-4

254~rc2-1

254~rc2-2

254~rc2-3

254~rc3-1

254~rc3-2

254~rc3-3

254-1

255~rc1-1

255~rc1-2

255~rc1-3

255~rc1-4

255~rc2-1

255~rc2-2

255~rc2-3

255~rc3-1

255~rc3-2

255~rc3-3

255~rc4-1

255~rc4-2

255-1

256~rc1-1~exp

256~rc1-1~exp2

256~rc2-1

256~rc2-2

256~rc2-3

256~rc3-1

256~rc3-2

256~rc3-3

256~rc3-4

256~rc3-5

256~rc3-6

256~rc3-7

256~rc4-1

256-1

256-2

257~rc1-1

257~rc1-2

257~rc1-3

257~rc1-4

257~rc2-1

257~rc2-2

257~rc2-3

257~rc3-1

257-1

257-2

258~rc1-1

258~rc2-1

258~rc2-2

258~rc3-1

258~rc4-1

258-1

259~rc1-1

259~rc2-1

259~rc3-1

259-1

260~rc1-1

260~rc1-2

260~rc2-1

260~rc3-1

260~rc4-1

260-1

253.*

253.5-1

254.*

254.1-1

254.1-2

254.1-3

254.3-1

254.4-1

254.5-1~bpo12+1

254.5-1~bpo12+2

254.5-1~bpo12+3

254.5-1

254.14-1~bpo12+1

254.15-1~bpo12+1

254.16-1~bpo12+1

254.22-1~bpo12+1

254.26-1~bpo12+1

255.*

255.1-1

255.1-2

255.1-3

255.2-1

255.2-2

255.2-3

255.2-4

255.3-1

255.3-2

255.4-1

255.5-1

256.*

256.1-1

256.1-2

256.2-1

256.4-1

256.4-2

256.4-3

256.5-1

256.5-2

256.6-1

256.7-1

256.7-2

256.7-3

257.*

257.1-1

257.1-2

257.1-3

257.1-4

257.1-5

257.1-6

257.1-7

257.2-1

257.2-2

257.2-3

257.3-1

257.4-1

257.4-2

257.4-3

257.4-4

257.4-5

257.4-6

257.4-7

257.4-8

257.4-9

257.5-1

257.5-2

257.6-1

257.7-1

257.8-1~deb13u1

257.8-1~deb13u2

257.9-1~deb13u1

258.*

258.1-1

258.1-2

259.*

259.1-1

260.*

260.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4105.json"

Debian:13 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

257.*

257.7-1

257.8-1~deb13u1

257.8-1~deb13u2

257.9-1~deb13u1

Other

258~rc1-1

258~rc2-1

258~rc2-2

258~rc3-1

258~rc4-1

258-1

259~rc1-1

259~rc2-1

259~rc3-1

259-1

260~rc1-1

260~rc1-2

260~rc2-1

260~rc3-1

260~rc4-1

260-1

258.*

258.1-1

258.1-2

259.*

259.1-1

260.*

260.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4105.json"

Debian:14 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

260~rc3-1

Affected versions

257.*

257.7-1

257.8-1~deb13u1

257.8-1~deb13u2

257.9-1~deb13u1

Other

258~rc1-1

258~rc2-1

258~rc2-2

258~rc3-1

258~rc4-1

258-1

259~rc1-1

259~rc2-1

259~rc3-1

259-1

260~rc1-1

260~rc1-2

260~rc2-1

258.*

258.1-1

258.1-2

259.*

259.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4105.json"