CVE-2026-4105

Systemd: systemd: privilege escalation via improper access control in registermachine d-bus method

CVSS 6.7 MEDIUMEPSS 0.1%CWE-284

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

Red Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat Hardened Images Red Hat · Red Hat OpenShift Container Platform 4

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2026:7299 https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862