Linux Kernel SMB1 Client Vulnerability with CIFS UNIX Mounts
CVE-2026-31710

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-31710?

A vulnerability in the Linux kernel's SMB1 client affects UNIX mounts where improper handling of CIFS flags can lead to incorrect directory separators in paths. The issue arises when cifs_mount_get_tcon() is called without properly resetting the UNIX capabilities, resulting in the loss of important flags like CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS. This can cause significant problems in file path resolutions, impacting data integrity and system functionality.

Affected Version(s)

Linux 4fc3a433c13944ee5766ec5b9bf6f1eb4d29b880

Linux 7.0

References

https://git.kernel.org/stable/c/fbbfcf35e1ee3396631f3dc62...

https://git.kernel.org/stable/c/c4d3fc5844d685441befd0caa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31710 Data

JSON