What is CVE-2026-31636?

CVE-2026-31636 is a critical-severity vulnerability in Linux. CVSS score: 9.1/10. Published 2026-04-24.

How severe is CVE-2026-31636?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Linux

CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser li…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Affected products

Linux — versions 9d1d2b59341f58126a69b51f9f5f8ccb9f12e54a, 6.16, 0

References

git.kernel.org/stable/c/7875f3d9777bd4e9892c4db830571ab8ac2044c0
git.kernel.org/stable/c/20a188775a9a9982d1987e12660d9b44b40a6c99
git.kernel.org/stable/c/3e3138007887504ee9206d0bfb5acb062c600025

Frequently asked questions

What is CVE-2026-31636?: CVE-2026-31636 is a critical-severity vulnerability in Linux. CVSS score: 9.1/10. Published 2026-04-24.
How severe is CVE-2026-31636?: Critical severity. CVSS v3 base score is 9.1 out of 10.