CVE-2026-31637 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 27, 2026
Linux Kernel - Authentication Bypass
Published: April 24, 2026 | Updated: April 27, 2026 | Remote Exploitable
Overview
The Linux kernel contains a broken-authentication flaw caused by improper handling of RXKAD response ticket decryption in rxkad_decrypt_ticket(), which lets attackers send malformed responses to bypass decryption checks. Exploitation requires network access to send crafted RXKAD responses.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can bypass decryption checks, potentially leading to unauthorized access or denial of service by aborting connections.
Mitigation
Update to the latest Linux kernel version with the fix for RXKAD ticket decryption.
References
- https://git.kernel.org/stable/c/47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a
- https://git.kernel.org/stable/c/58fcd1b156152613ba00a064a129fb69507ddd7d
- https://git.kernel.org/stable/c/a149dcae23309df9de1c3b6b5d468610ef5ab7de
- https://git.kernel.org/stable/c/fe4447cd95623b1cfacc15f280aab73a6d7340b2
- https://git.kernel.org/stable/c/22f6258e7b31dba9bf88dce4e3ee7f0f20072e60
Details
- CVE ID: CVE-2026-31637
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_authentication
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H