CVE-2026-29111 — MEDIUM (5.5)

Q: How severe is CVE-2026-29111?

CVE-2026-29111 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-29111?

Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd.

Vulnerability Description

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Systemd Project	Systemd	>= 239, < 257.11

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2026-29111?

CVE-2026-29111 is a vulnerability with a CVSS score of 5.5 (MEDIUM). systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an asse...

How severe is CVE-2026-29111?

CVE-2026-29111 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-29111?

Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd.