Is CVE-2026-29111 actively exploited?

CVE-2026-29111 has no public evidence of in-the-wild exploitation as of 2026-04-15.

What is the CVSS score for CVE-2026-29111?

CVE-2026-29111 has a CVSS score of 5.5 (MEDIUM severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-29111?

Patch guidance is available from systemd project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-29111.

CVE-2026-29111 - remediation guidance & executive summary

Q: Which products are affected by CVE-2026-29111?

3 products: systemd project systemd, systemd project systemd, systemd project systemd.

Description

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-269 · Improper Privilege ManagementNVD-CWE-noinfo

Metadata

Primary Vendor: SYSTEMD_PROJECT
Published: 3/23/2026
Last Modified: 4/15/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

systemd_project : systemdsystemd_project : systemdsystemd_project : systemd

Remediation Guidance

Executive Summary

Cite this page

CVE-2026-29111. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-29111

View on NIST NVD

CVE-2026-29111 vulnerability