CVE-2026-53268
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
In the Linux kernel, the netfilter conntrack_irc module has a vulnerability that allows an out-of-bounds read. The issue occurs when parsing fails after matching a command string, and the system attempts to match a different command instead of bailing out.
Risk Assessment
The risk involves potential leakage of sensitive data or system crashes due to reading beyond the allocated memory. An attacker could exploit this by sending crafted IRC traffic.
Recommendation
Immediately update the Linux kernel to a patched version. Given the deprecation of IRC in modern environments, consider disabling the conntrack_irc module if not in use.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack_irc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given prevalence of TLS I doubt it has any relevance in 2026.

