What is CVE-2026-23351?

CVE-2026-23351 is a high-severity vulnerability in Linux. CVSS score: 7.8/10. Published 2026-03-25.

How severe is CVE-2026-23351?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Linux

CVE-2026-23351

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements…

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux — versions 3c4287f62044a90e73a561aa05fc46e62da173da, 5.6, 0

References

git.kernel.org/stable/c/65ca51b9fb85477ab92a04295aed34b38f7c062e
git.kernel.org/stable/c/c0f1f85097ac2b6e7d750fe4d05807985cd3fd3a
git.kernel.org/stable/c/16f3595c0441d87dfa005c47d8f95be213afaa9e
git.kernel.org/stable/c/7864c667aed01a58b87ca518a631322cd0ac34c0
git.kernel.org/stable/c/c12d570d71920903a1a0468b7d13b085203d0c93
git.kernel.org/stable/c/500a50a301ce962b019ab95053ac70264fec2c21
git.kernel.org/stable/c/aff13667708dfa0dce136b8efd81baa9fa6ef261
git.kernel.org/stable/c/9df95785d3d8302f7c066050117b04cd3c2048c2

Frequently asked questions

What is CVE-2026-23351?: CVE-2026-23351 is a high-severity vulnerability in Linux. CVSS score: 7.8/10. Published 2026-03-25.
How severe is CVE-2026-23351?: High severity. CVSS v3 base score is 7.8 out of 10.