CVE-2026-31709 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: May 3, 2026
Linux Kernel - Access Control List Validation Vulnerability
Published: May 1, 2026 | Updated: May 3, 2026 | Remote Exploitable
Overview
The Linux kernel contains an access control list (ACL) validation vulnerability caused by insufficient validation of the DACL structure in the SMB client's cifsacl code. A malicious server can cause out-of-bounds reads by sending truncated DACLs. Exploitation requires the client to interact with a malicious SMB server.
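The kind of bounds check the overview refers to, as an added example (this is not the kernel's cifsacl code and not the actual fix). It assumes the MS-DTYP wire layout (8-byte ACL header, 4-byte ACE header); `dacl_validate` and `sample_dacl` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ACL_HDR_LEN 8u  /* AclRevision, Sbz1, AclSize, AceCount, Sbz2 */
#define ACE_HDR_LEN 4u  /* AceType, AceFlags, AceSize */

/* Constructed sample: one ACCESS_ALLOWED ACE for S-1-1-0, AclSize = 28. */
const uint8_t sample_dacl[] = {
    0x02, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00,   /* ACL header */
    0x00, 0x00, 0x14, 0x00, 0xff, 0x01, 0x1f, 0x00,   /* ACE header + mask */
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00
};

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Returns the ACE count if the whole DACL lies inside the `avail` bytes
 * actually received, or -1 if it is truncated or self-inconsistent. */
int dacl_validate(const uint8_t *buf, size_t avail)
{
    if (avail < ACL_HDR_LEN)
        return -1;                  /* header itself is truncated */

    size_t acl_size = rd_le16(buf + 2);
    unsigned ace_count = rd_le16(buf + 4);
    if (acl_size < ACL_HDR_LEN || acl_size > avail)
        return -1;                  /* claimed size exceeds received data */

    size_t off = ACL_HDR_LEN;       /* invariant: off <= acl_size */
    for (unsigned i = 0; i < ace_count; i++) {
        if (acl_size - off < ACE_HDR_LEN)
            return -1;              /* AceCount promises more than is present */
        size_t ace_size = rd_le16(buf + off + 2);
        if (ace_size < ACE_HDR_LEN || ace_size > acl_size - off)
            return -1;              /* ACE runs past the end of the ACL */
        off += ace_size;
    }
    return (int)ace_count;
}

int main(void)
{
    printf("full buffer: %d\n", dacl_validate(sample_dacl, sizeof sample_dacl));
    printf("truncated:   %d\n", dacl_validate(sample_dacl, 20));
    return 0;
}
```

Every length field comes from the server, so each one is checked against the bytes actually received before any field behind it is read.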
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
A malicious SMB server can cause out-of-bounds reads, potentially leading to information disclosure or system instability.
Mitigation
Update to the latest Linux kernel version containing the fix for DACL validation.
Details
CVE ID: CVE-2026-31709
Severity: High
CVSS Score: 8.8
Type: undefined
Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H