Linux Kernel Vulnerability in ksmbd Affecting Session Binding
CVE-2026-52911
What is CVE-2026-52911?
A vulnerability in the Linux kernel's ksmbd module increases the risk of unauthorized session access. A SESSION_SETUP command modifies the connection's binding flag, and the conn->binding flag remains active after the call. As a result, a global session lookup can match sessions that are not actually associated with the connection. The mitigation restricts the session lookup so that only sessions bound to the specific connection can be resolved.
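The lookup behaviour described above, as a simplified user-space model added here for illustration; it is not ksmbd source code. The struct layouts, function names and the session table are hypothetical and constructed, and the model assumes a session records the ids of the connections bound to it.

```c
/* Simplified user-space model; names are hypothetical, not ksmbd source. */
#include <stdbool.h>
#include <stddef.h>

struct conn { int id; bool binding; };
/* channels[] holds the ids of connections bound to this session (assumption). */
struct session { unsigned long long id; int channels[4]; size_t nchannels; };

/* Constructed sample table: session 0x10 is bound to connection 1 only. */
static struct session global_table[] = {
    { 0x10, { 1 }, 1 },
    { 0x20, { 2 }, 1 },
};

static bool bound_to(const struct session *s, const struct conn *c)
{
    for (size_t i = 0; i < s->nchannels; i++)
        if (s->channels[i] == c->id)
            return true;
    return false;
}

static struct session *global_lookup(unsigned long long id)
{
    for (size_t i = 0; i < sizeof(global_table) / sizeof(global_table[0]); i++)
        if (global_table[i].id == id)
            return &global_table[i];
    return NULL;
}

/* Before: a binding flag left set lets any global match resolve. */
struct session *lookup_before(const struct conn *c, unsigned long long id)
{
    struct session *s = global_lookup(id);
    return (s && (bound_to(s, c) || c->binding)) ? s : NULL;
}

/* After: only a session bound to this connection resolves. */
struct session *lookup_after(const struct conn *c, unsigned long long id)
{
    struct session *s = global_lookup(id);
    return (s && bound_to(s, c)) ? s : NULL;
}

int main(void)
{
    struct conn c2 = { 2, true };  /* flag still set from an earlier SESSION_SETUP */
    return !(lookup_before(&c2, 0x10) && !lookup_after(&c2, 0x10));
}
```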
Affected Version(s)
Linux f5a544e3bab78142207e0242d22442db85ba1eff
Linux f5a544e3bab78142207e0242d22442db85ba1eff < 1ff46c9915c1cbf454db58a8cb87f7cac818e6a6