PT-2026-25167 · Systemd · Systemd

Manizada · Published 2026-01-01 · Updated 2026-05-12 · CVE-2026-4105

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

systemd (affected versions not specified)

Description

The systemd-machined service has an issue with access control due to inadequate validation of the class parameter within the RegisterMachine D-Bus method. A local user with limited privileges can exploit this by registering a machine with a specific class value. This action can create a machine object controlled by the attacker, enabling them to execute methods on a privileged object. Successful exploitation allows the attacker to run arbitrary commands with root privileges on the host system. The D-Bus method involved is RegisterMachine.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-4105
ECHO-230A-8355-8606
GHSA-4H6X-R8VX-3862
OESA-2026-1910
OESA-2026-1911
OESA-2026-1912
OESA-2026-1913
OESA-2026-1914
OESA-2026-1915
OPENSUSE-SU-2026:10624-1
OPENSUSE-SU-2026:20471-1
RHSA-2026:7299
SUSE-SU-2026:0990-1
SUSE-SU-2026:0991-1
SUSE-SU-2026:1040-1
SUSE-SU-2026:1061-1
SUSE-SU-2026:20822-1
SUSE-SU-2026:20826-1
SUSE-SU-2026:21003-1
SUSE-SU-2026:21144-1

Affected Products

Systemd