Is CVE-2026-40572 actively exploited?

CVE-2026-40572 has no public evidence of in-the-wild exploitation as of 2026-04-27.

What is the CVSS score for CVE-2026-40572?

CVE-2026-40572 has a CVSS score of 9 (CRITICAL severity). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

How do I patch CVE-2026-40572?

Patch guidance is available from minecanton209 security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-40572.

Which products are affected by CVE-2026-40572?

1 product: minecanton209 novumos.

Fix CVE-2026-40572 - CRITICAL minecanton209 novumos

Description

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to kernel context. This issue has been fixed in version 0.24.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector: local
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: none
Weaknesses: CWE-269 · Improper Privilege Management

Metadata

Primary Vendor: MINECANTON209
Published: 4/18/2026
Last Modified: 4/27/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2026-40572

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary