Out-of-Bounds Access in Linux Kernel IPv6 Module
CVE-2026-46260

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 3 June 2026

What is CVE-2026-46260?

An out-of-bounds read can occur in the fib6_add_rt2node() function of the Linux kernel's IPv6 module. It poses potential security risks due to improper access controls during IPv6 route management, specifically when routes are created with the RTA_NH_ID parameter. The fix implements a crucial check on the fib6_nh structure that prevents reading beyond allocated memory, improving the kernel's stability and security.

Affected Version(s)

Linux 50b7c7a255858a85c4636a1e990ca04591153dca

Linux d8143c54ceeba232dc8a13aa0afa14a44b371d93

Linux b8ad2d53f706aeea833d23d45c0758398fede580 < 03b5051e02f5a3772eee57493ad697d4b505b0c2

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
