MPLS Payload Length Validation Vulnerability in Linux Kernel by Open vSwitch
CVE-2026-31679

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 April 2026

What is CVE-2026-31679?

A vulnerability in the Linux kernel affecting Open vSwitch allows for improper validation of MPLS payload lengths in SET and SET_MASKED actions. The validate_set() function mistakenly accepts variable-sized MPLS payloads, which can lead to unexpected behaviors during action handling. The kernel expects fixed-size MPLS key data, and failure to validate this can compromise network integrity. To address this issue, the kernel has been updated to reject non-matching MPLS action key sizes early, enhancing operational security and mitigating potential exploits.

Affected Version(s)

Linux fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 < 68f32ef0683c8d1c05cd2e4f16818fa63ff59c6f

Linux fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 < 4cae986225f8b8679ad86b924918e7d75a96aa61

Linux fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 < 8ed7b9930cbc3bc71f868fa79a68700ac88d586a

References

https://git.kernel.org/stable/c/68f32ef0683c8d1c05cd2e4f1...

https://git.kernel.org/stable/c/4cae986225f8b8679ad86b924...

https://git.kernel.org/stable/c/8ed7b9930cbc3bc71f868fa79...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31679 Data

JSON