CVE & CISA-KEV Catalog

CVE-2026-31476

MEDIUM
6.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails (e.g. wrong password), the error path unconditionally sets sess->state = SMB2_SESSION_EXPIRED. However, during binding, sess points to the target session looked up via ksmbd_session_lookup_slowpath() -- which belongs to another connection's user. This allows a remote attacker to invalidate any active session by simply sending a binding request with a wrong password (DoS). Fix this by skipping session expiration when the failed request was a binding attempt, since the session does not belong to the current connection. The reference taken by ksmbd_session_lookup_slowpath() is still correctly released via ksmbd_user_session_put().

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.170-1CVE-2026-31476
Fixed in:6.12.85-1CVE-2026-31476
Fixed in:6.19.11-1CVE-2026-31476

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.50%probability of exploitation in 30 days
39thpercentile

Low risk: more likely to be exploited than 39% of all known CVEs.

References

Embed a live status badge for CVE-2026-31476
CVE-2026-31476 severity badge

Markdown

[![CVE-2026-31476](https://tridentstack.com/cve/badge/CVE-2026-31476.svg)](https://tridentstack.com/cve/CVE-2026-31476)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-31476"><img src="https://tridentstack.com/cve/badge/CVE-2026-31476.svg" alt="CVE-2026-31476"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-01.