Is CVE-2026-40317 actively exploited?

CVE-2026-40317 has no public evidence of in-the-wild exploitation as of 2026-04-27.

What is the CVSS score for CVE-2026-40317?

CVE-2026-40317 has a CVSS score of 9.3 (CRITICAL severity). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2026-40317?

Patch guidance is available from minecanton209 security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-40317.

Which products are affected by CVE-2026-40317?

1 product: minecanton209 novumos.

Fix CVE-2026-40317 - CRITICAL minecanton209 novumos

Description

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute arbitrary code in Ring 0 context, resulting in local privilege escalation. This issue has been fixed in version 0.24. If developers are unable to immediately update, they should restrict syscall access by running the system in single-user mode without Ring 3, and disable user-mode processes by only running kernel shell with no user processes. This issue has been fixed in version 0.24.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-20 · Improper Input Validation CWE-269 · Improper Privilege Management

Metadata

Primary Vendor: MINECANTON209
Published: 4/18/2026
Last Modified: 4/27/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

minecanton209 : novumos

Remediation Guidance

Executive Summary

Cite this page

CVE-2026-40317. CVEDatabase.com. Retrieved 3 May 2026. https://cvedatabase.com/cve/CVE-2026-40317

View on NIST NVD

CVE-2026-40317 vulnerability