
CVE-2026-23272

Published: March 20, 2026 · Updated: Mar 20, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 5.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: unconditionally bump set->nelems before insertion

In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it already.

To address this issue, add the element transaction even if set is full, but toggle the set_full flag to report -ENFILE so the abort path safely unwinds the set to its previous state.

As for element updates, decrement set->nelems to restore it.

A simpler fix is to call synchronize_rcu() in the error path. However, with a large batch adding elements to already maxed-out set, this could cause noticeable slowdown of such batches.

NVD Source

Technical Analysis

CVE-2026-23272 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

All References (3)

Quick Facts

CVE ID: CVE-2026-23272
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 20, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23272 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.