HOMEVULNERABILITIESCVE-2026-23268
NONE

CVE-2026-23268

Published: March 18, 2026· Updated: Mar 25, 2026

EPSS:0.01%probability of exploitation in 30 daysPercentile:3.2th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix unprivileged local user can do privileged policy management

An unprivileged local user can load, replace, and remove profiles by

opening the apparmorfs interfaces, via a confused deputy attack, by

passing the opened fd to a privileged process, and getting the

privileged process to write to the interface.

This does require a privileged target that can be manipulated to do

the write for the unprivileged process, but once such access is

achieved full policy management is possible and all the possible

implications that implies: removing confinement, DoS of system or

target applications by denying all execution, by-passing the

unprivileged user namespace restriction, to exploiting kernel bugs for

a local privilege escalation.

The policy management interface can not have its permissions simply

changed from 0666 to 0600 because non-root processes need to be able

to load policy to different policy namespaces.

Instead ensure the task writing the interface has privileges that

are a subset of the task that opened the interface. This is already

done via policy for confined processes, but unconfined can delegate

access to the opened fd, by-passing the usual policy check.

NVD Source

Technical Analysis

CVE-2026-23268 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-23268
SeverityNONE
CISA KEVNo
EPSS (30d)0.01%
PublishedMar 18, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23268 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.