What is the CVSS score of CVE-2026-23558?

CVE-2026-23558 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux are affected by CVE-2026-23558?

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/28. dvisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command (Xen.org security team )…. A patch is available.

Is there a patch available for CVE-2026-23558?

Yes, a patch is available for CVE-2026-23558. Update the affected software to the latest version immediately.

Linux CVE-2026-23558

EUVD-2026-30928 HIGH

Race Condition (CWE-362)

2026-05-08

GHSA-4qf9-g5cf-cx9j

Buffer Overflow Linux Race Condition Suse

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

CVE Published

May 08, 2026 - 06:45 nvd

UNKNOWN (no severity yet)

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis Pending

This CVE was just disclosed and hasn’t been processed by NVD yet. Full analysis – including CVSS score, severity rating, and remediation guidance – will appear here once NVD publishes it.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47337 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local

CVE-2026-45844 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload par

CVE-2026-45837 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork

CVE-2026-45838 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_ge

Vendor StatusVendor

CVE-2026-23558 vulnerability details – vuln.today

Back

Linux CVE-2026-23558

CVSS VectorNVD

Lifecycle Timeline

Description PRE-NVD

Analysis Pending

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code