CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description (NVD)
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm.
And almost all users do in fact use it only for the case where the task has a mm pointer.
But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads).
It's not what this flag was designed for, but it is what it is.
The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all.
Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
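The rule described above, as a small userspace model in C. This is an added example, not code from the kernel patch: the types, fields and function names are hypothetical, and the "old" function only models the outcome the description states (for a task without an MM, a uid match decides and dropped capabilities make no difference).

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the rule in the description; not kernel source.
 * Every type, field and function name here is hypothetical. */
enum { DUMP_DISABLE = 0, DUMP_USER = 1 };

struct task   { bool has_mm; int mm_dumpable; int last_dumpable; unsigned uid; };
struct caller { unsigned uid; bool cap_sys_ptrace; };

/* Live value while the task has an mm, cached "last dumpability" after. */
static int effective_dumpable(const struct task *t)
{
    return t->has_mm ? t->mm_dumpable : t->last_dumpable;
}

/* Model of the old outcome: with no mm, a uid match alone decides. */
bool may_access_uid_only(const struct caller *c, const struct task *t)
{
    if (c->uid != t->uid)
        return c->cap_sys_ptrace;
    if (!t->has_mm)
        return true;
    return t->mm_dumpable == DUMP_USER || c->cap_sys_ptrace;
}

/* Model of the new outcome: the cached flag applies, CAP_SYS_PTRACE overrides. */
bool may_access_cached(const struct caller *c, const struct task *t)
{
    if (c->uid != t->uid && !c->cap_sys_ptrace)
        return false;
    return effective_dumpable(t) == DUMP_USER || c->cap_sys_ptrace;
}

/* Constructed sample subjects and targets. */
const struct task   KTHREAD      = { false, 0, DUMP_DISABLE, 0 };  /* never had an mm */
const struct task   EXITED_USER  = { false, 0, DUMP_USER, 1000 };  /* lost its mm */
const struct caller ROOT_NO_CAPS = { 0, false };
const struct caller ROOT_PTRACE  = { 0, true };
const struct caller USER_1000    = { 1000, false };

int main(void)
{
    printf("kthread, root without caps: old=%d new=%d\n",
           may_access_uid_only(&ROOT_NO_CAPS, &KTHREAD),
           may_access_cached(&ROOT_NO_CAPS, &KTHREAD));
    printf("kthread, root with CAP_SYS_PTRACE: new=%d\n",
           may_access_cached(&ROOT_PTRACE, &KTHREAD));
    return 0;
}
```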
Analysis (AI)
Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. …
Remediation (AI)
Within 24 hours: Identify all Linux systems in your environment and determine which kernel versions are vulnerable to CVE-2026-46333. Within 7 days: Prioritize patching of systems containing sensitive data or critical services; apply vendor-released kernel patches and stage reboots. …
EUVD-2026-30540
GHSA-pm8f-4p6p-6x53