What is CVE-2026-40225?

CVE-2026-40225 is a security advisory published by Microsoft Security Response Center (MSRC) with Medium severity. In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Which CVE IDs does CVE-2026-40225 cover?

CVE-2026-40225 covers the following CVE IDs: CVE-2026-40225. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of CVE-2026-40225?

CVE-2026-40225 has a CVSS v3 base score of 6.4, published by Microsoft Security Response Center (MSRC).

CVE-2026-40225MediumCVSS 6.4

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Vendor

Microsoft Security Response Center (MSRC)

Published

June 2, 2026

Last Modified

—

🔗 CVE IDs covered (1)

CVE-2026-40225 →