Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Linux kernel nf_tables use-after-free security flaw (CVE-2026-23111)

Vulnerability
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

A Linux kernel nf_tables use-after-free in CVE-2026-23111 is now publicly exploitable, putting systems at local root and container-breakout risk. Upstream patches have been available since February 5, 2026, and public exploit code has since been released. The flaw affects kernels that expose nf_tables together with unprivileged user namespaces.

Related Happenings

Linux kernel Dirty Frag local root escalation privilege-escalation flaw

Vulnerability
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...

Open Happening

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Open Happening

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
First: 30.04.2026 12:24 Last: 30.04.2026 12:24 Sources 1

About this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...

Open Happening

Linux kernel AppArmor confused deputy vulnerabilities CrackArmor security flaw

Vulnerability
First: 13.03.2026 10:18 Last: 13.03.2026 10:18 Sources 1

About this happening: Researchers disclosed **CrackArmor**, nine **confused deputy** flaws in the **Linux kernel's AppArmor module** that can let **unprivileged users** bypass protections, gain **root*...

Open Happening

CISA KEV remediation order for CVE-2024-1086

Public Sector Action
First: 31.10.2025 15:05 Last: 31.10.2025 15:05 Sources 1

About this happening: CISA added **CVE-2024-1086** to the **Known Exploited Vulnerabilities (KEV) catalog** and ordered **federal agencies** to secure their systems by **June 20, 2024**, forcing urgent...

Open Happening

Timeline

  1. 08.06.2026 23:17 1 articles · 3h ago

    Upstream patch fixes the Linux kernel nf_tables flaw CVE-2026-23111

    Mitigation Patch Update

    The Linux kernel upstream fix for CVE-2026-23111 removed the nf_tables use-after-free on February 5, 2026, closing a local privilege-escalation path that could let an unprivileged user reach root.

    Show sources
    Open in new tab
  2. 08.06.2026 23:17 1 articles · 3h ago

    FuzzingLabs reproduces CVE-2026-23111 on RHEL 10

    Technical Analysis Update

    FuzzingLabs reproduced the bug on RHEL 10 ahead of Pwn2Own Berlin 2026 and built its own root exploit by a different route, confirming that the nf_tables flaw could be weaponized for local privilege escalation.

    Show sources
    Open in new tab
  3. 08.06.2026 23:17 2 articles · 3h ago

    Exodus Intelligence releases a working exploit walkthrough for CVE-2026-23111

    Technical Analysis Update

    Exodus Intelligence released a detailed technical walkthrough on June 8 showing how the nf_tables use-after-free in CVE-2026-23111 can be chained into full local root and container breakout, with demonstrations on Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS.

    Show sources
    Open in new tab