Home / Vulnerability Intelligence / CVE-2026-43391

CVE-2026-43391 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: May 11, 2026

Linux kernel - Broken Access Control

Published: May 8, 2026Updated: May 11, 2026

Overview

Linux kernel contains a broken access control vulnerability caused by insufficient permission checks in nsfs handle opening, letting privileged services potentially leak namespace information, exploit requires privileged service access.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Privileged services can leak information about other privileged namespaces, risking information disclosure between services.

Mitigation

Update to the latest Linux kernel version with tightened nsfs permission checks.

References

https://git.kernel.org/stable/c/1797ee11451f1b2be69863a9f5bd43b948813fdf
https://git.kernel.org/stable/c/d2324a9317f00013facb0ba00b00440e19d2af5e

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-43391
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: new

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H