Fluid Attacks Database

Description

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	systemd	=257.7-1 \|\| =257.8-1~deb13u1 \|\| =257.8-1~deb13u2 \|\| =257.9-1~deb13u1 \|\| >=0 <257.13-1~deb13u1	257.13-1~deb13u1
debian 14	systemd	=257.13-1~deb13u1 \|\| =257.7-1 \|\| =257.8-1~deb13u1 \|\| =257.8-1~deb13u2 \|\| =257.9-1~deb13u1 \|\| =258-1 \|\| =258.1-1 \|\| =258.1-2 \|\| =258~rc1-1 \|\| =258~rc2-1 \|\| =258~rc2-2 \|\| =258~rc3-1 \|\| =258~rc4-1 \|\| =259-1 \|\| =259.1-1 \|\| =259~rc1-1 \|\| =259~rc2-1 \|\| =259~rc3-1 \|\| =260~rc1-1 \|\| =260~rc1-2 \|\| =260~rc2-1 \|\| >=0 <260~rc3-1	260~rc3-1
rpm rhel10	rpm-ostree	-	-
rpm rhel10	NetworkManager	-	-
rpm rhel9	systemd	-	-
rpm rhel10	systemd	-	-
debian 11	systemd	=247.3-6 \|\| =247.3-7 \|\| =247.3-7+deb11u1 \|\| =247.3-7+deb11u2 \|\| =247.3-7+deb11u3 \|\| =247.3-7+deb11u4 \|\| =247.3-7+deb11u5 \|\| =247.3-7+deb11u6 \|\| =247.3-7+deb11u7 \|\| >=0 <247.3-7+deb11u8	247.3-7+deb11u8
debian 12	systemd	=252.11-1 \|\| =252.11-1~deb12u1 \|\| =252.12-1~deb12u1 \|\| =252.14-1~deb12u1 \|\| =252.16-1~deb12u1 \|\| =252.17-1~deb12u1 \|\| =252.18-1~deb12u1 \|\| =252.19-1~deb12u1 \|\| =252.20-1~deb12u1 \|\| =252.21-1~deb12u1 \|\| =252.22-1~deb12u1 \|\| =252.23-1~deb12u1 \|\| =252.24-1~deb12u1 \|\| =252.25-1~deb12u1 \|\| =252.26-1~deb12u1 \|\| =252.26-1~deb12u2 \|\| =252.26-1~deb12u2~bpo11+1 \|\| =252.27-1~deb12u1 \|\| =252.28-1~deb12u1 \|\| =252.29-1~deb12u1 \|\| =252.29-1~deb12u1~bpo11+1 \|\| =252.30-1~deb12u1 \|\| =252.30-1~deb12u2 \|\| =252.31-1~deb12u1 \|\| =252.32-1~deb12u1 \|\| =252.33-1~deb12u1 \|\| =252.36-1~deb12u1 \|\| =252.38-1~deb12u1 \|\| =252.39-1~deb12u1 \|\| =252.6-1 \|\| =252.6-1+loong64 \|\| >=0 <252.39-1~deb12u2	252.39-1~deb12u2
rpm rhel8	NetworkManager	-	-
rpm rhel9	NetworkManager	-	-

1-10 of 12

Aliases

1. CVE-2026-41052. NVD-2026-41053. OSV-DEBIAN-2026-41054. OSV-2026-41055. SECURITY-TRACKER-CVE-2026-4105

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.