diff --git a/src/analyze/analyze-verify-util.c b/src/analyze/analyze-verify-util.c
index 0202db77135..bc61ebe2b17 100644
--- a/src/analyze/analyze-verify-util.c
+++ b/src/analyze/analyze-verify-util.c
@@ -201,19 +201,23 @@ static int verify_executables(Unit *u, const char *root) {
 
         assert(u);
 
-        ExecCommand *exec =
-                u->type == UNIT_SOCKET ? SOCKET(u)->control_command :
-                u->type == UNIT_MOUNT ? MOUNT(u)->control_command :
-                u->type == UNIT_SWAP ? SWAP(u)->control_command : NULL;
-        RET_GATHER(r, verify_executable(u, exec, root));
+        if (u->type == UNIT_MOUNT)
+                FOREACH_ARRAY(i, MOUNT(u)->exec_command, ELEMENTSOF(MOUNT(u)->exec_command))
+                        RET_GATHER(r, verify_executable(u, i, root));
 
         if (u->type == UNIT_SERVICE)
                 FOREACH_ARRAY(i, SERVICE(u)->exec_command, ELEMENTSOF(SERVICE(u)->exec_command))
-                        RET_GATHER(r, verify_executable(u, *i, root));
+                        LIST_FOREACH(command, j, *i)
+                                RET_GATHER(r, verify_executable(u, j, root));
 
         if (u->type == UNIT_SOCKET)
                 FOREACH_ARRAY(i, SOCKET(u)->exec_command, ELEMENTSOF(SOCKET(u)->exec_command))
-                        RET_GATHER(r, verify_executable(u, *i, root));
+                        LIST_FOREACH(command, j, *i)
+                                RET_GATHER(r, verify_executable(u, j, root));
+
+        if (u->type == UNIT_SWAP)
+                FOREACH_ARRAY(i, SWAP(u)->exec_command, ELEMENTSOF(SWAP(u)->exec_command))
+                        RET_GATHER(r, verify_executable(u, i, root));
 
         return r;
 }
diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh
index 4c92683ce01..078bc8b5f53 100755
--- a/test/units/testsuite-65.sh
+++ b/test/units/testsuite-65.sh
@@ -337,6 +337,17 @@ systemd-analyze verify /tmp/hoge@test.service
 (! systemd-analyze verify /tmp/hoge@nonexist.service)
 (! systemd-analyze verify /tmp/hoge@.service)
 
+# test that all commands are verified.
+cat <<EOF >/tmp/multi-exec-start.service
+[Service]
+Type=oneshot
+ExecStart=true
+ExecStart=ls
+EOF
+systemd-analyze verify /tmp/multi-exec-start.service
+echo 'ExecStart=command-should-not-exist' >>/tmp/multi-exec-start.service
+(! systemd-analyze verify /tmp/multi-exec-start.service)
+
 # Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed
 # The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in
 # values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight