CVE-2026-45850
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the IPVS module where protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. The issue is fixed by using the iph->len field, which contains the appropriate offset.
Risk Assessment
The risk involves potential incorrect processing of IPv6 packets with extension headers, which may lead to improper checksum validation and potential network security issues.
Recommendation
It is recommended to immediately update the Linux kernel to a version containing the fix for CVE-2026-45850 to ensure proper checksum validation for IPv6 traffic with extension headers.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph->len already contains its offset, so use it to fix the problem.

