CVE Catalog

CVE-2026-45850

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile - higher than 6% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the IPVS module where protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. The issue is fixed by using the iph->len field, which contains the appropriate offset.

Risk Assessment

The risk involves potential incorrect processing of IPv6 packets with extension headers, which may lead to improper checksum validation and potential network security issues.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix for CVE-2026-45850 to ensure proper checksum validation for IPv6 traffic with extension headers.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph->len already contains its offset, so use it to fix the problem.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS