Network Namespace Vulnerability in Linux Kernel Affecting Multiple Device Types
CVE-2026-31692
What is CVE-2026-31692?
A vulnerability in the Linux kernel's rtnetlink functionality enables unprivileged users with a user namespace to create network interfaces in arbitrary network namespaces, including the initial network namespace (init_net). The issue arises because the rtnl_newlink function lacks a proper CAP_NET_ADMIN capability check when handling paired devices such as veth, vxcan, and netkit. To mitigate this risk, a netlink_ns_capable() check for CAP_NET_ADMIN privileges in the peer namespace must be enforced before device creation is allowed to proceed.
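The missing peer-namespace check described above, as a simplified userspace model in C. This is an added example, not kernel source or the upstream patch. The struct and function names and the fixtures are hypothetical, and the "before" variant assumes that only the requester's own namespace was checked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only (assumption): hypothetical names, not kernel source. */
struct user_ns { struct user_ns *parent; int level; unsigned owner_uid; };
struct net  { struct user_ns *user_ns; };   /* netns and the userns that owns it */
struct cred { struct user_ns *user_ns; unsigned euid; bool cap_net_admin; };

/* Walk from the target userns upward, as the kernel's capability check does. */
static bool model_ns_capable(const struct cred *c, const struct user_ns *target)
{
    for (const struct user_ns *ns = target; ns; ns = ns->parent) {
        if (ns == c->user_ns)
            return c->cap_net_admin;        /* capability held in our own userns */
        if (ns->level <= c->user_ns->level)
            return false;                   /* target is not below our userns */
        if (ns->parent == c->user_ns && ns->owner_uid == c->euid)
            return true;                    /* we own this direct child userns */
    }
    return false;
}

/* Before (assumed shape of the bug): the peer namespace is never checked. */
static bool newlink_paired_before(const struct cred *c, const struct net *src,
                                  const struct net *peer)
{
    (void)peer;
    return model_ns_capable(c, src->user_ns);
}

/* After: CAP_NET_ADMIN must also hold over the peer namespace. */
static bool newlink_paired_after(const struct cred *c, const struct net *src,
                                 const struct net *peer)
{
    return model_ns_capable(c, src->user_ns) && model_ns_capable(c, peer->user_ns);
}

/* Constructed fixtures: uid 1000 created child_userns and a netns inside it. */
static struct user_ns init_userns = { NULL, 0, 0 }, child_userns = { &init_userns, 1, 1000 };
static struct net init_net = { &init_userns }, child_net = { &child_userns };
static struct cred unpriv = { &child_userns, 1000, true };

int main(void)
{
    printf("before: peer in init_net allowed=%d\n", newlink_paired_before(&unpriv, &child_net, &init_net));
    printf("after:  peer in init_net allowed=%d\n", newlink_paired_after(&unpriv, &child_net, &init_net));
    printf("after:  peer in own netns allowed=%d\n", newlink_paired_after(&unpriv, &child_net, &child_net));
    return 0;
}
```

The model shows why CAP_NET_ADMIN held inside a user namespace must not count toward a namespace owned by an ancestor: the walk from init_net's owning user namespace never reaches the caller's, so the check fails once it is applied to the peer.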
Affected Version(s)
Linux 81adee47dfb608df3ad0b91d230fb3cef75f0060 < 0975b64ffb34560042090a5986c3a02e6c80f36f
Linux 81adee47dfb608df3ad0b91d230fb3cef75f0060
Linux 81adee47dfb608df3ad0b91d230fb3cef75f0060 < 7b735ef81286007794a227ce2539419479c02a5f