VDB

CVE-2026-4105

CVE-2026-4105 PUBLISHED CVSS 6.699999809265137 MEDIUM

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

EPSS 0.01% · 1.2th percentile

Risk Scores

CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.01%
1.2th percentile

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 8

Exploit Intelligence

…and 2 more exploits

Timeline

  • Mar 13, 2026 EPSS Score
  • Mar 13, 2026 CVE Published
  • Mar 13, 2026 PoC Published
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score
  • Mar 16, 2026 EPSS Score
  • Mar 16, 2026 CVE Updated
  • Mar 17, 2026 EPSS Score
  • Mar 17, 2026 Coalition ESS Score
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
  • Mar 20, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›