CVE-2026-31710
Path Traversal in Linux Kernel SMB Client
Publication date: 2026-05-01
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 7.0.1 (inc) to 7.0.2 (exc) |
| linux | linux_kernel | 7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's handling of SMB1 UNIX mounts. Specifically, when the function cifs_mount_get_tcon() is called, the mnt_cifs_flags field in the cifs_sb structure must be read or updated only after calling reset_cifs_unix_caps(). Failing to do so can cause the CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits to be missing.
The missing CIFS_MOUNT_POSIX_PATHS bit leads to the use of an incorrect directory separator in paths, which is a bug fixed by this vulnerability resolution.
How can this vulnerability impact me? :
The vulnerability causes the wrong directory separator to be used in paths when mounting SMB1 UNIX shares. This can lead to incorrect file path handling, potentially causing issues with file access, file system navigation, or application behavior relying on correct path separators.