btrfs Vulnerability in Linux Kernel by Linux Foundation
CVE-2026-31666

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31666?

A vulnerability in the btrfs component of the Linux kernel has been identified due to improper return value handling during the lookup of extent data references. Following a code refactor, the logic incorrectly returns a success response even when the lookup fails due to mismatched keys. This issue leads to potential operations on incorrect extent tree items, risking integrity and corrupting the extent tree. A fix has been applied to ensure that the appropriate error code is returned, maintaining the operational integrity of the btrfs file system.

Affected Version(s)

Linux 1618aa3c2e0163f5ac34d514ae89474521910536 < 4125a194db4a6cf91f619f38788272651cb97dce

Linux 1618aa3c2e0163f5ac34d514ae89474521910536 < 450e6a685d0cad95b15f8af152057bd0bf79f50b

Linux 1618aa3c2e0163f5ac34d514ae89474521910536

References

https://git.kernel.org/stable/c/4125a194db4a6cf91f619f387...

https://git.kernel.org/stable/c/450e6a685d0cad95b15f8af15...

https://git.kernel.org/stable/c/ab1e022379c3c811aa72da8eb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31666 Data

JSON