← Back ⬡ Vulnerabilities & CVEs Mar 20, 2026

CVE-2026-23278 | Linux Kernel up to 6.18.18/6.19.8/7.0-rc3 netfilter nf_tables.h nf_tables privilege escalation (EUVD-2026-13614)

VulDB Archived Mar 20, 2026 ✓ Full text saved

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.18/6.19.8/7.0-rc3 . Impacted is the function nf_tables in the library /include/net/netfilter/nf_tables.h of the component netfilter . This manipulation causes privilege escalation. This vulnerability is tracked as CVE-2026-23278 . The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

Full text archived locally

✦ AI Summary · Claude Sonnet

VDB-352028 · CVE-2026-23278 · EUVD-2026-13614 LINUX KERNEL UP TO 6.18.18/6.19.8/7.0-RC3 NETFILTER NF_TABLES.H NF_TABLES PRIVILEGE ESCALATION HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.3 $0-$5k 2.02+ Summaryinfo A vulnerability described as critical has been identified in Linux Kernel up to 6.18.18/6.19.8/7.0-rc3. The affected element is the function nf_tables in the library /include/net/netfilter/nf_tables.h of the component netfilter. Such manipulation leads to an unknown weakness. This vulnerability is listed as CVE-2026-23278. There is no available exploit. Upgrading the affected component is recommended. Detailsinfo A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.18/6.19.8/7.0-rc3. Affected by this issue is the function nf_tables in the library /include/net/netfilter/nf_tables.h of the component netfilter. The impact remains unknown. CVE summarizes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch. If the map holding the catchall elements is also going away, its required to toggle all catchall elements and not just the first viable candidate. Otherwise, we get: WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404 RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables] [..] __nft_set_elem_destroy+0x106/0x380 [nf_tables] nf_tables_abort_release+0x348/0x8d0 [nf_tables] nf_tables_abort+0xcf2/0x3ac0 [nf_tables] nfnetlink_rcv_batch+0x9c9/0x20e0 [..] The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2026-23278 since 01/13/2026. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 03/20/2026). Upgrading to version 6.18.19, 6.19.9 or 7.0-rc4 eliminates this vulnerability. Applying the patch de47a88c6b807910f05703fb6605f7efdaa11417/77c26b5056d693ffe5e9f040e946251cdb55ae55/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-13614). Productinfo Type Operating System Vendor Linux Name Kernel Version 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.18.17 6.18.18 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 6.19.7 6.19.8 7.0-rc1 7.0-rc2 7.0-rc3 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.5 VulDB Meta Temp Score: 5.3 VulDB Base Score: 5.5 VulDB Temp Score: 5.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Privilege escalation CWE: Unknown CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.18.19/6.19.9/7.0-rc4 Patch: de47a88c6b807910f05703fb6605f7efdaa11417/77c26b5056d693ffe5e9f040e946251cdb55ae55/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 Timelineinfo 01/13/2026 CVE reserved 03/20/2026 +66 days Advisory disclosed 03/20/2026 +0 days VulDB entry created 03/20/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-23278 (🔒) GCVE (CVE): GCVE-0-2026-23278 GCVE (VulDB): GCVE-100-352028 EUVD: 🔒 Entryinfo Created: 03/20/2026 09:48 Updated: 03/20/2026 10:36 Changes: 03/20/2026 09:48 (59), 03/20/2026 10:36 (1) Complete: 🔍 Cache ID: 99:88A:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸

💬 Team Notes