systemd-journald Character Escaping Issue

56% confidence

Description

systemd-journald in systemd 259 does not escape characters in emergency messages that are sent to other users' terminals, potentially leading to display issues. This bug was reported privately to upstream on December 23, 2025, and was disclosed publicly on April 7, 2026.

Affected Products

Vendor	Product	Versions
systemd	systemd	259

CISA KEV❌ No

Actively exploited✅ Yes

PublishedApr 10, 2026

Last enriched2h agov2

Trending Score47

Source articles2

Independent1

Info Completeness6/14

Missing: cve_id, cvss, epss, cwe, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

MEDIUMCVE-2026-29111EXP

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an asse

Trending: 14

Pin to Dashboard

Verification

State: reported

Confidence: 56%

Vulnerability Timeline

CVE Published

Apr 10, 2026

Actively Exploited

Apr 10, 2026

Exploit Available

Apr 10, 2026

Discovered by ZDM

Apr 10, 2026

Updated: description, severity, exploitAvailable, activelyExploited

Apr 10, 2026

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated description with disclosure timeline and changed severity to HIGH, indicating the vulnerability is actively exploited.

descriptionseverityexploitAvailableactivelyExploited

via oss-security

v12h ago

Initial creation