Linux Kernel Vulnerability in Netfilter Affecting IP6T Routing Rules
CVE-2026-31674

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 April 2026

What is CVE-2026-31674?

A vulnerability in the Linux kernel's netfilter component allows for incorrect validation of address numbers in routing match rules. Specifically, the function responsible for validating these rules, rt_mt6_check(), fails to reject oversized addrnr fields, potentially leading to out-of-bounds access and manipulation of match logic. This issue emphasizes the importance of rigorous input validation during rule installation, ensuring that malformed rules are caught before they are processed, thereby maintaining system security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 13e3e30ed3b5b67cc1db2bd58a5d09b0f07debfa

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 29ea965a1353bc8303877422f79c8211e9ba9c55

References

https://git.kernel.org/stable/c/13e3e30ed3b5b67cc1db2bd58...

https://git.kernel.org/stable/c/af9b7e2b765966457f4ec23be...

https://git.kernel.org/stable/c/29ea965a1353bc8303877422f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31674 Data

JSON