CVE-2026-4105

Name	CVE-2026-4105
Description	A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4533-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
systemd (PTS)	bullseye	247.3-7+deb11u5	vulnerable
	bullseye (security)	247.3-7+deb11u8	fixed
	bookworm	252.39-1~deb12u2	fixed
	bookworm (security)	252.38-1~deb12u1	vulnerable
	trixie	257.13-1~deb13u1	fixed
	forky	260.1-1	fixed
	sid	261~rc2-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
systemd	source	bullseye	247.3-7+deb11u8	DLA-4533-1
systemd	source	bookworm	252.39-1~deb12u2
systemd	source	trixie	257.13-1~deb13u1
systemd	source	(unstable)	260~rc3-1

Notes

https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862
Introduced with: https://github.com/systemd/systemd/commit/fbe550738d03b178bb004a1390e74115e904118a (v225)
Fixed by: https://github.com/systemd/systemd/commit/6df5f80bd374be1b45c52d740e88f0236da922c7 (v260-rc3)
Fixed by: https://github.com/systemd/systemd/commit/497d0172416cbb5b70f96b95399d041407c223bd (v259.4)
Fixed by: https://github.com/systemd/systemd/commit/6941d92dc299667036cbe264435971cec59ebc76 (v257.12)