Skip to main content

Linux

Vendor security scorecard – 2623 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 5480
2623
CVEs
131
Critical
960
High
1
KEV
35
PoC
37
Unpatched C/H
94.6%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
131
HIGH
960
MEDIUM
1322
LOW
14

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-31431 Memory corruption in Linux kernel's algif_aead cryptographic interface allows local authenticated users to achieve arbitrary kernel memory read/write, leading to privilege escalation to root. The vulnerability stems from improper handling of in-place operations introduced in commit 72548b093ee3, affecting kernel versions from 4.14 through 6.19.x. Multiple public exploit codes exist including proof-of-concept demonstrations from security researchers, with EPSS score of 0.01% indicating currently low widespread exploitation likelihood despite POC availability. HIGH 7.8 0.0% 134
KEV PoC
CVE-2026-43284 Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5). HIGH 8.8 0.0% 89
PoC
CVE-2026-24479 HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server. CRITICAL 9.8 0.6% 85
PoC
CVE-2026-43500 Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated attackers to achieve arbitrary code execution with kernel privileges. The vulnerability stems from improper handling of shared fragment memory in DATA and RESPONSE packet processing, where the kernel fails to unshare externally-owned page fragments before in-place decryption operations. This creates a buffer overflow condition (CWE-787) exploitable by local users with low privileges. Patches are available for kernel versions 6.18.29, 7.0.6, and 7.1-rc3. EPSS and KEV status not provided in available data. HIGH 7.8 0.0% 74
PoC
CVE-2026-26068 Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%. CRITICAL 9.9 0.6% 70
PoC
CVE-2026-29128 Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available. CRITICAL 10.0 0.0% 70
PoC No patch
CVE-2026-46300 Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community. HIGH 7.8 0.0% 69
PoC
CVE-2026-23231 A use-after-free vulnerability in the Linux kernel's netfilter nf_tables chain registration allows local attackers with user privileges to trigger memory corruption and cause a denial of service, potentially leading to privilege escalation. The flaw occurs when hook registration fails during chain addition, allowing concurrent operations to access freed memory without proper RCU synchronization. The vulnerability affects systems running vulnerable Linux kernels with netfilter enabled, and no patch is currently available. HIGH 7.8 0.0% 69
PoC
CVE-2026-43494 Local privilege escalation potential in the Linux kernel's RDS (Reliable Datagram Sockets) subsystem stems from a double-free condition triggered when zerocopy page pinning fails during sendmsg() operations. The flaw, introduced in Linux 4.17, allows local authenticated users to corrupt kernel memory by exploiting an error path in rds_message_zcopy_from_user() that fails to reset op_nents, causing rds_message_purge() to free pages that were already released. Publicly available exploit code exists, though EPSS scoring is very low (0.02%) and the issue is not listed in CISA KEV. HIGH 7.8 0.0% 69
PoC
CVE-2026-46333 Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced in OSS-security and a GitHub PoC against ssh-keysign), though EPSS scoring (0.02%) indicates low likelihood of widespread exploitation. HIGH 7.1 0.0% 66
PoC
CVE-2026-23873 HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets. CRITICAL 9.0 0.0% 65
PoC No patch
CVE-2026-46331 Local privilege escalation potential in the Linux kernel's net/sched traffic-control subsystem arises from a partial copy-on-write (COW) miss in the pedit action (tcf_pedit_act), where skb_ensure_writable() is sized using tcfp_off_max_hint before the per-key loop and fails to account for the runtime header offset added by typed keys, leaving part of the write region un-COW'd and causing page cache corruption. A local low-privileged attacker able to install tc pedit rules (CAP_NET_ADMIN, obtainable in user namespaces on many distros) can corrupt shared page-cache memory, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS is low at 0.14% (4th percentile) and the issue is not on CISA KEV. HIGH 7.8 0.1% 59
PoC
CVE-2026-27212 Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input. HIGH 7.8 0.1% 59
PoC
CVE-2026-23233 F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available. HIGH 7.8 0.0% 59
PoC
CVE-2026-31581 In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6fire_chip_abort(), the chip HIGH 7.8 0.0% 59
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy