CVE-2026-53221
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
In the Linux kernel, a bug was found in the vti6_tnl_lookup() function causing incorrect tunnel matching for IP6_VTI. During wildcard tunnel fallback search, missing checks allowed hash collisions to match tunnels without actual wildcard addresses.
Risk Assessment
The risk involves potential misrouting of network traffic to an incorrect tunnel, which could lead to data integrity violations, information leaks, or man-in-the-middle attacks.
Recommendation
Immediately update the Linux kernel to a version containing the fix for CVE-2026-53221. Monitor official security advisories from your Linux distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() In vti6_tnl_lookup(), when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remote address wildcard remote). - Tunnels matching the packet's remote address, with any local address (wildcard local). However, vti6 stores all these different types of tunnels in the same hash table (ip6n->tnls_r_l) prone to hash collisions. The bug is that the fallback search loops in vti6_tnl_lookup() were missing checks to ensure that the candidate tunnel actually has a wildcard address.

