{"api_version":"1","generated_at":"2026-04-22T23:31:41+00:00","cve":"CVE-2023-26604","urls":{"html":"https://cve.report/CVE-2023-26604","api":"https://cve.report/api/cve/CVE-2023-26604.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-26604","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-26604"},"summary":{"title":"CVE-2023-26604","description":"systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-03-03 16:15:00","updated_at":"2023-11-07 04:09:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340","name":"https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340","refsource":"MISC","tags":[],"title":"systemd/NEWS at main · systemd/systemd · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/","name":"https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/","refsource":"MISC","tags":[],"title":"Dangerous Sudoers Entries – PART 2: Insecure Functionality – Compass Security Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html","name":"http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html","refsource":"MISC","tags":[],"title":"systemd 246 Local Root Privilege Escalation ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230505-0009/","name":"https://security.netapp.com/advisory/ntap-20230505-0009/","refsource":"CONFIRM","tags":[],"title":"CVE-2023-26604 Systemd Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7","name":"https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7","refsource":"MISC","tags":[],"title":"CVE-2023–26604. How did i find it? | by Zenmovie | Mar, 2023 | Medium","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html","name":"[debian-lts-announce] 20230331 [SECURITY] [DLA 3377-1] systemd security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3377-1] systemd security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7","name":"https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7","refsource":"","tags":[],"title":"CVE-2023–26604. How did i find it? | by Zenmovie | Medium","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-26604","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26604","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"26604","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"systemd_project","cpe5":"systemd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-26604","qid":"160799","title":"Oracle Enterprise Linux Security Update for systemd (ELSA-2023-3837)"},{"cve":"CVE-2023-26604","qid":"181648","title":"Debian Security Update for systemd (DLA 3377-1)"},{"cve":"CVE-2023-26604","qid":"181717","title":"Debian Security Update for systemd (CVE-2023-26604)"},{"cve":"CVE-2023-26604","qid":"241757","title":"Red Hat Update for systemd (RHSA-2023:3837)"},{"cve":"CVE-2023-26604","qid":"243029","title":"Red Hat Update for systemd (RHSA-2024:1105)"},{"cve":"CVE-2023-26604","qid":"354852","title":"Amazon Linux Security Advisory for systemd : ALAS2-2023-2004"},{"cve":"CVE-2023-26604","qid":"672904","title":"EulerOS Security Update for systemd (EulerOS-SA-2023-1814)"},{"cve":"CVE-2023-26604","qid":"672954","title":"EulerOS Security Update for systemd (EulerOS-SA-2023-1832)"},{"cve":"CVE-2023-26604","qid":"672987","title":"EulerOS Security Update for systemd (EulerOS-SA-2023-1855)"},{"cve":"CVE-2023-26604","qid":"672993","title":"EulerOS Security Update for systemd (EulerOS-SA-2023-1880)"},{"cve":"CVE-2023-26604","qid":"673426","title":"EulerOS Security Update for systemd (EulerOS-SA-2024-1303)"},{"cve":"CVE-2023-26604","qid":"753849","title":"SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2023:1622-1)"},{"cve":"CVE-2023-26604","qid":"753894","title":"SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2023:1776-1)"},{"cve":"CVE-2023-26604","qid":"906773","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (25572-1)"},{"cve":"CVE-2023-26604","qid":"941160","title":"AlmaLinux Security Update for systemd (ALSA-2023:3837)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-26604","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7","url":"https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7"},{"refsource":"MISC","name":"https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340","url":"https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340"},{"refsource":"MISC","name":"https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/","url":"https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230331 [SECURITY] [DLA 3377-1] systemd security update","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230505-0009/","url":"https://security.netapp.com/advisory/ntap-20230505-0009/"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html","url":"http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html"}]}},"nvd":{"publishedDate":"2023-03-03 16:15:00","lastModifiedDate":"2023-11-07 04:09:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionEndExcluding":"247","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}