Linux Kernel Vulnerability in IP6_VTI Fallback Device
CVE-2026-52909

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-52909?

The Linux kernel has a vulnerability related to the initialization of the netns_immutable flag on the fallback device for the IP6_VTI tunnel. This oversight can lead to the fallback tunnel device, ip6_vti0, being moved to another network namespace, potentially exposing the system to unauthorized access and manipulation. Other similar tunnel drivers have been correctly handling this flag, but the absence of this precaution in the vti6_init_net() function raises significant security concerns for users relying on the IPv6 Virtual Tunnel Interface. Mitigating this issue is crucial to maintaining network integrity and security.

Affected Version(s)

Linux 61220ab349485d911083d0b7990ccd3db6c63297

References

https://git.kernel.org/stable/c/ecf8904067dcba0dad86ece80...

https://git.kernel.org/stable/c/dcdce3bc9f08026ff3739ee73...

https://git.kernel.org/stable/c/d289d5307762d1838aaece22c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52909 Data

JSON