CVE Catalog

CVE-2026-31496

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the netfilter module allowed displaying connection expectations from other network namespaces via the /proc interface. The fix adds filtering to skip expectations not belonging to the current netns.

Risk Assessment

The organization may face information disclosure of connection expectations across network namespaces, which in multi-tenant environments (e.g., containers) can break isolation and leak sensitive data.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit 1c2b3d4e5f...). If an update is not possible, restrict access to /proc/net/nf_conntrack_expect to trusted processes only.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's conntrack entries via proc").

Vulnerability data from NVD (NIST) · CISA KEV · EPSS