Linux Kernel Vulnerability in IPv6 Segmentation and Routing
CVE-2026-46099
What is CVE-2026-46099?
A significant vulnerability in the Linux kernel's handling of IPv6 segmentation and routing can lead to a use-after-free condition. The flaw originates from the interaction between the seg6_input_core() and rpl_input() functions, where a 'NOREF' destination entry is set but not properly handled under concurrent high-priority task execution. An attacker could exploit this condition, leading to unauthorized access or system instability. The vulnerability has been addressed by ensuring that destination entries are properly referenced before they are cached. Users and administrators are strongly advised to update their systems to mitigate the risks associated with this issue.
Affected Version(s)
Linux af4a2209b1344939eaac11f269c261d347cbc3ee < 6bd17925bd6866027a6555db17905b9fc073d38d
Linux af4a2209b1344939eaac11f269c261d347cbc3ee < 52f9db67f8f35f436366cf4980b4f0a2583d0ef0
Linux af4a2209b1344939eaac11f269c261d347cbc3ee