Linux Kernel Vulnerability in Netfilter Multiport Feature
CVE-2026-31681

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 April 2026

What is CVE-2026-31681?

The Linux kernel's netfilter component does not properly validate the port range encoding in multiport rules. The ports_match_v1() function does not adequately check that the port ranges it is given are legitimate, so a malformed rule can cause the intended port range logic to be misinterpreted. Rules can therefore be constructed so that they bypass the expected validation, which undermines the robustness of network security configurations.

Affected Version(s)

Linux a89ecb6a2ef732d04058d87801e2b6bd7e5c7089

Linux a89ecb6a2ef732d04058d87801e2b6bd7e5c7089 < 8368ce8eb01f0b91111d814703696e780d0ef12f

Linux a89ecb6a2ef732d04058d87801e2b6bd7e5c7089 < 1e4baa853f1cc4227e04f52d6860524707cfb294

Timeline

  • Vulnerability published

  • Vulnerability Reserved
