Linux Kernel Netfilter Vulnerability Affecting Pending Catchall Elements
CVE-2026-23278

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 20 March 2026

What is CVE-2026-23278?

The Linux kernel has a vulnerability in the netfilter module that affects how pending catchall elements are managed during transaction processing. This issue arises when there is one active and one pending catchall element. The system must correctly handle these elements to prevent potential instability. Failure to do so can lead to improper resource handling and system warnings, signaling issues during the lifecycle of netfilter operations. Addressing this vulnerability is critical to ensure the integrity and reliability of transaction processing within the Linux network stack.

Affected Version(s)

Linux 628bd3e49cba1c066228e23d71a852c23e26da73

Linux 628bd3e49cba1c066228e23d71a852c23e26da73 < 77c26b5056d693ffe5e9f040e946251cdb55ae55

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
