Is CVE-2023-26604 actively exploited?

CVE-2023-26604 has no public evidence of in-the-wild exploitation as of 2025-06-20.

What is the CVSS score for CVE-2023-26604?

CVE-2023-26604 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2023-26604?

Patch guidance is available from debian security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-26604.

Fix CVE-2023-26604 - HIGH debian debian linux

Q: Which products are affected by CVE-2023-26604?

2 products: debian debian linux, systemd project systemd.

Description

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: NVD-CWE-noinfoCWE-269 · Improper Privilege Management

Metadata

Primary Vendor: DEBIAN
Published: 3/3/2023
Last Modified: 6/20/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

debian : debian_linuxsystemd_project : systemd

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-26604. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-26604

View on NIST NVD

CVE-2023-26604 vulnerability