CVE-2026-46243
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk27th percentile - higher than 27% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the CIFS/SMB client implementation. It occurs because cifs.spnego key descriptions contain authority-bearing fields (such as pid, uid, creduid, upcall_target) that cifs.upcall treats as kernel-originating. However, userspace can create such keys via request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin.
Risk Assessment
The risk involves potential privilege escalation or authentication bypass in environments using CIFS/SMB. An attacker with local access could impersonate a legitimate user or process, gaining unauthorized access to network resources.
Recommendation
Immediately update the Linux kernel to a version containing the fix that rejects userspace-originated cifs.spnego descriptions unless they are requested via CIFS private spnego_cred.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

