CVE-2026-4105

Name: CVE-2026-4105
Creator: NVD / NIST
Published: 2026-03-13T19:55:13.673+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.14%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.14%

3.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-284

References

Timeline

Published: Mar 13, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-4105?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST