Vulnerability in Linux Kernel Affects Hash Set Variants
CVE-2026-52921

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52921?

A vulnerability in the Linux kernel's netfilter module affects the iteration of IPv4 ranges in certain ipset hash set variants, including hash:ip,mark, hash:ip,port, and more. The iterator may improperly advance beyond the last address, allowing traversal to continue past the intended boundary. This flaw necessitates explicit handling of the iterator increment to ensure it halts once the upper limit has been processed. This correction maintains the retry behavior for valid ranges while mitigating unintended state advancements.

Affected Version(s)

Linux 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc

Linux 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc < 383418c20e69f5761b6ec5238f599423f4fb77fb

Linux 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc < 0d7b33ace701fe397e6e4de145f32e098178d901

References

https://git.kernel.org/stable/c/be75218fadea22e59c8673db2...

https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238...

https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de14...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52921 Data

JSON