CVE-2026-4105
MEDIUM6.7EPSS 0.01%發布日:2026/3/13修改日:2026/5/16
也稱為:DEBIAN-CVE-2026-4105
描述
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.
受影響套件(1)
- Debian/systemdfrom 0, < 247.3-7+deb11u8
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |