Improper Access Control Vulnerability in SUSE Linux Enterprise Server
CVE-2026-25702

7.3HIGH

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server
Vendor: CVE Published:; 5 March 2026

What is CVE-2026-25702?

A vulnerability in the kernel of SUSE Linux Enterprise Server 12 SP5 has been identified, which allows for ineffective firewall rules when using nftables. This flaw arises from improper access control mechanisms, leading to potential security risks as firewall configurations may not enforce intended protections. Users running affected versions should evaluate their security posture and consider applying available updates to mitigate this issue.

Affected Version(s)

SUSE Linux Enterprise Server 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 < 9c294edb7085fb91650bc12233495a8974c5ff2d

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Feb 5, 2026

CVE-2026-25702 Data

JSON

Suse

What is CVE-2026-25702?

Affected Version(s)

References

CVSS V3.1

Timeline