What is CVE-2026-23428?

CVE-2026-23428 is a critical-severity vulnerability in Linux. CVSS score: 9.8/10. Published 2026-04-03.

How severe is CVE-2026-23428?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Linux

CVE-2026-23428

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without validating tcon->t_state. ksmbd_tree_con…

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux — versions 6.1.167, d1066c1b3663401cd23c0d6e60cdae750ce00c0f, 5.15.203

References

git.kernel.org/stable/c/d08417981155883068b7260d9500ca306a03edac
git.kernel.org/stable/c/eae0dc86f71e6f3294c0cd7ffc05039258d243af
git.kernel.org/stable/c/806f13752652216db0c309392b4db3e64eeed4f2
git.kernel.org/stable/c/c742b46a153d3ff95ff0825ab1950c87b9e14470
git.kernel.org/stable/c/7f7468fd2a7554cea91b7d430335a3dbf01dcc09
git.kernel.org/stable/c/a5929c2020ce54e1dcbd1078c0f30b8aaf73c105
git.kernel.org/stable/c/c33615f995aee80657b9fdfbc4ee7f49c2bd733d

Frequently asked questions

What is CVE-2026-23428?: CVE-2026-23428 is a critical-severity vulnerability in Linux. CVSS score: 9.8/10. Published 2026-04-03.
How severe is CVE-2026-23428?: Critical severity. CVSS v3 base score is 9.8 out of 10.