CVE-2026-31710
Received Received - Intake
Path Traversal in Linux Kernel SMB Client

Publication date: 2026-05-01

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits. This fixes the wrong dir separator used in paths caused by the missing CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31710
EUVD
EUVD-2026-26519
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 7.0.1 (inc) to 7.0.2 (exc)
linux linux_kernel 7.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's handling of SMB1 UNIX mounts. Specifically, when the function cifs_mount_get_tcon() is called, the mnt_cifs_flags field in the cifs_sb structure must be read or updated only after calling reset_cifs_unix_caps(). Failing to do so can cause the CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits to be missing.

The missing CIFS_MOUNT_POSIX_PATHS bit leads to the use of an incorrect directory separator in paths, which is a bug fixed by this vulnerability resolution.

Impact Analysis

The vulnerability causes the wrong directory separator to be used in paths when mounting SMB1 UNIX shares. This can lead to incorrect file path handling, potentially causing issues with file access, file system navigation, or application behavior relying on correct path separators.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31710. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart