CVE-2026-31496
Netfilter nf_conntrack_expect NetNS Bypass Vulnerability in Linux Kernel
Publication date: 2026-04-22
Last updated on: 2026-04-28
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 2.6.28 |
| linux | linux_kernel | From 2.6.28.1 (inc) to 6.1.168 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | 7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | No weakness category assigned |
AI Powered Q&A
Can you explain this vulnerability to me?
The bug is in the netfilter connection-tracking code, specifically the proc interface that lists pending expectations (/proc/net/nf_conntrack_expect). Expectations are the "expected" follow-up connections that helpers such as ftp or sip register, and they are kept in a hash table shared by all network namespaces. When the proc file is read, the listing callback therefore has to check which namespace each expectation belongs to and skip the ones that are not the reader's. That check was missing, so reading the file from one network namespace returned expectations created by connections in other namespaces.
The fix skips expectations that do not belong to the current netns when the proc file is read, restoring the per-namespace isolation the rest of conntrack's proc interface already enforces.
How can this vulnerability impact me?
A process that can read the proc file in one network namespace (for example inside a container that has its own netns) could see expectation entries belonging to other namespaces, including the host's. Each entry reveals the expected tuple (addresses and ports), the protocol, the remaining timeout and the helper that created it, which discloses information about connections in namespaces the reader is supposed to be isolated from. The interface is read-only, so the effect is cross-namespace information disclosure; the page describes no way to alter or remove another namespace's expectations.
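The following is an added user-space model of the listing path, written for this page; it is not kernel code and not the actual patch. It builds a small constructed expectation table shared by two namespaces, then walks it once with a show callback that lacks the namespace check (the described bug) and once with a callback that skips foreign entries (the shape of the fix). The struct names, `net_eq()` and `nf_ct_exp_net()` stand-ins mirror the kernel's naming, but their bodies, the sample tuples and the return-value convention are assumptions made for the example.

```c
/* Added example (not kernel code): model of the nf_conntrack_expect proc
 * listing. The expectation hash table is global across network
 * namespaces, so the show callback must filter by the reader's netns. */
#include <stdio.h>
#include <stddef.h>

/* Stand-in for struct net: identity is pointer identity, as with net_eq(). */
struct net { const char *name; };

/* Stand-in for struct nf_conn: only the owning namespace matters here. */
struct nf_conn { struct net *net; };

/* Stand-in for struct nf_conntrack_expect. In the kernel the namespace is
 * not stored on the expectation itself; it is derived from the master
 * conntrack (nf_ct_exp_net(exp) == nf_ct_net(exp->master)). */
struct nf_conntrack_expect {
    struct nf_conn *master;
    const char *helper;   /* helper that registered it, e.g. "ftp" */
    const char *tuple;    /* textual expected tuple, constructed sample data */
};

static inline int net_eq(const struct net *a, const struct net *b) { return a == b; }
static inline struct net *nf_ct_exp_net(const struct nf_conntrack_expect *e) { return e->master->net; }

/* Constructed sample data: a host namespace and a container namespace
 * sharing one global expectation table. */
static struct net init_net = { "init_net" };
static struct net container_net = { "container" };
static struct nf_conn ct_host = { &init_net };
static struct nf_conn ct_cont = { &container_net };

static struct nf_conntrack_expect expect_table[] = {
    { &ct_host, "ftp", "10.0.0.5:21 -> 192.0.2.10:* (ftp data)" },
    { &ct_cont, "ftp", "172.16.0.2:21 -> 172.16.0.9:* (ftp data)" },
    { &ct_host, "sip", "10.0.0.7:5060 -> 198.51.100.3:* (rtp)" },
};
#define N_EXPECT (sizeof(expect_table) / sizeof(expect_table[0]))

/* Buggy show path: called once per hash node with no netns check, so
 * every namespace that reads the proc file sees every expectation. */
static int exp_seq_show_vulnerable(const struct net *reader,
                                   const struct nf_conntrack_expect *exp,
                                   char *out, size_t len)
{
    (void)reader; /* the reader's namespace is never consulted */
    snprintf(out, len, "%s %s\n", exp->helper, exp->tuple);
    return 1; /* one line emitted */
}

/* Hardened show path: skip nodes whose master conntrack lives in a
 * namespace other than the reader's. Returning 0 emits nothing and lets
 * the iteration continue, which is how seq_file show callbacks skip. */
static int exp_seq_show_fixed(const struct net *reader,
                              const struct nf_conntrack_expect *exp,
                              char *out, size_t len)
{
    if (!net_eq(nf_ct_exp_net(exp), reader))
        return 0;
    snprintf(out, len, "%s %s\n", exp->helper, exp->tuple);
    return 1;
}

typedef int (*show_fn)(const struct net *, const struct nf_conntrack_expect *,
                       char *, size_t);

/* Walk the global table the way the seq_file iterator would, on behalf of
 * a reader in `reader`. Returns the number of lines shown and stores in
 * *foreign how many of them belong to another namespace (the leak). */
static int list_expectations(const struct net *reader, show_fn show, int *foreign)
{
    char line[128];
    int shown = 0;

    *foreign = 0;
    for (size_t i = 0; i < N_EXPECT; i++) {
        if (!show(reader, &expect_table[i], line, sizeof line))
            continue;
        shown++;
        if (!net_eq(nf_ct_exp_net(&expect_table[i]), reader))
            (*foreign)++;
        fputs(line, stdout);
    }
    return shown;
}

int main(void)
{
    int foreign;

    printf("container reads /proc/net/nf_conntrack_expect, vulnerable:\n");
    list_expectations(&container_net, exp_seq_show_vulnerable, &foreign);
    printf("  -> %d entries from other namespaces leaked\n", foreign);

    printf("container reads /proc/net/nf_conntrack_expect, fixed:\n");
    list_expectations(&container_net, exp_seq_show_fixed, &foreign);
    printf("  -> %d entries from other namespaces leaked\n", foreign);
    return 0;
}
```

The filter is placed in the show callback rather than the iterator so that the global hash walk is unchanged; this is the same structure the kernel uses for the conntrack table listing, where the show function returns 0 for entries from other namespaces. On a real system the equivalent check is to create a fresh network namespace, read /proc/net/nf_conntrack_expect from inside it while a helper-tracked connection (such as active-mode FTP) is in progress in the host namespace, and confirm that the new namespace sees no entries.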