LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-40572

CVE-2026-40572 - Vulnerability Analysis

CriticalCVSS: 9.0

Last Updated: April 18, 2026

NovumOS - Privilege Escalation

Published: April 18, 2026Updated: April 18, 2026

Overview

NovumOS < 0.24 contains a privilege escalation caused by lack of validation in Syscall 15 (MemoryMapRange) allowing user-mode processes to map critical kernel structures, letting local attackers escalate privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.0
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Local attackers can escalate privileges from user mode to kernel context by modifying kernel interrupt handlers.

Mitigation

Update to version 0.24 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 18, 2026

šŸ”“ CVE-2026-40572 - Critical (9) NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validati... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40572/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 18, 2026

šŸš© CRITICAL: CVE-2026-40572 impacts MinecAnton209 NovumOS < 0.24. Syscall 15 flaw allows local privilege escalation by mapping over kernel memory ā€” patch to v0.24+ ASAP! https://radar.offseq.com/threat/cve-2026-40572-cwe-269-improper-privilege-manageme-6ff979fd #OffSeq #CVE202640572 #NovumOS #Infosec

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 18, 2026

šŸ”“ CVE-2026-40572 - Critical (9) NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validati... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-40572/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
OffSequence
OffSequence
@offseq
Apr 18, 2026

šŸš© CRITICAL: CVE-2026-40572 impacts MinecAnton209 NovumOS < 0.24. Syscall 15 flaw allows local privilege escalation by mapping over kernel memory ā€” patch to v0.24+ ASAP! https://radar.offseq.com/threat/cve-2026-40572-cwe-269-improper-privilege-manageme-6ff979fd #OffSeq #CVE202640572 #NovumOS #Infosec

View original post

Related Resources

Details

CVE ID
CVE-2026-40572
Severity
Critical
CVSS Score
9.0
Type
broken_access_control
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-269

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Score

0.0%Probability of exploitation in the next 30 days