{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T03:13:02.158","vulnerabilities":[{"cve":{"id":"CVE-2026-40226","sourceIdentifier":"cve@mitre.org","published":"2026-04-10T16:16:33.447","lastModified":"2026-04-17T22:02:15.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-348"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"233","versionEndExcluding":"257.12","matchCriteriaId":"29AAD5A6-4198-4D58-9FBB-FE35AFADA909"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"258","versionEndExcluding":"258.6","matchCriteriaId":"CDEB656F-DF55-418A-A250-E414B7DFF975"},{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionStartIncluding":"259","versionEndExcluding":"259.4","matchCriteriaId":"2D35ABE2-6825-4820-96FA-37601DA85848"}]}]}],"references":[{"url":"https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}}]}