CVE-2026-40225: In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel...

Description

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Ghostwire Analysis — What This Means Practically

Exploitation Probability (EPSS): Low — 0.02% (5th percentile)

Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-40225: In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel...

Description

Ghostwire Analysis — What This Means Practically

Security Coverage (2 articles)

References