CVE-2026-40228
Modified Modified - Updated After Analysis
ANSI Escape Injection in systemd-journald Allows Terminal Manipulation

Publication date: 2026-04-10

Last updated on: 2026-05-05

Assigner: MITRE

Description
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-05-05
Generated
2026-05-07
AI Q&A
2026-04-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-40228
EUVD
EUVD-2026-21498
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
systemd_project systemd 259
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-669 The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in systemd version 259 where the systemd-journald component can send ANSI escape sequences to the terminals of arbitrary users. This occurs when the "logger -p emerg" command is executed and the ForwardToWall=yes setting is enabled.


How can this vulnerability impact me? :

The vulnerability can impact users by allowing systemd-journald to send potentially malicious ANSI escape sequences to other users' terminals. This could lead to unintended terminal behavior or information display manipulation, although the CVSS score indicates a low severity with no confidentiality or availability impact, but some integrity impact.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart