CVE-2026-43450

Published: May 8, 2026 · Updated: May 12, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 7.0th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

nfnl_cthelper_dump_table() has a 'goto restart' that jumps to a label inside the for loop body. When the "last" helper saved in cb->args[1] is deleted between dump rounds, every entry fails the (cur != last) check, so cb->args[1] is never cleared. The for loop finishes with cb->args[0] == nf_ct_helper_hsize, and the 'goto restart' jumps back into the loop body bypassing the bounds check, causing an 8-byte out-of-bounds read on nf_ct_helper_hash[nf_ct_helper_hsize].

The 'goto restart' block was meant to re-traverse the current bucket when "last" is no longer found, but it was placed after the for loop instead of inside it. Move the block into the for loop body so that the restart only occurs while cb->args[0] is still within bounds.

  BUG: KASAN: slab-out-of-bounds in nfnl_cthelper_dump_table+0x9f/0x1b0
  Read of size 8 at addr ffff888104ca3000 by task poc_cthelper/131

  Call Trace:
   nfnl_cthelper_dump_table+0x9f/0x1b0
   netlink_dump+0x333/0x880
   netlink_recvmsg+0x3e2/0x4b0
   sock_recvmsg+0xde/0xf0
   __sys_recvfrom+0x150/0x200
   __x64_sys_recvfrom+0x76/0x90
   do_syscall_64+0xc3/0x6e0

  Allocated by task 1:
   __kvmalloc_node_noprof+0x21b/0x700
   nf_ct_alloc_hashtable+0x65/0xd0
   nf_conntrack_helper_init+0x21/0x60
   nf_conntrack_init_start+0x18d/0x300
   nf_conntrack_standalone_init+0x12/0xc0

NVD Source
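
The control flow described above, reduced to a userspace C model. This is an added illustration, not the kernel source or the upstream patch. HSIZE, table, args, bucket() and the fixed switch are stand-ins chosen here, and bucket() counts an out-of-range index instead of performing the read.

```c
#include <stdio.h>
#define HSIZE 4                          /* stand-in for nf_ct_helper_hsize */
struct helper { struct helper *next; };
static struct helper *table[HSIZE];      /* stand-in for nf_ct_helper_hash */
static unsigned long args[2];            /* cb->args: [0] bucket, [1] "last" */
static int oob_reads;                    /* bucket indexes >= HSIZE seen */

/* The kernel indexes the array directly; the model counts the bad index. */
static struct helper *bucket(unsigned long i)
{
    if (i >= HSIZE) { oob_reads++; return NULL; }
    return table[i];
}

/* One dump round; fixed=0 keeps the restart block after the outer loop. */
static void dump(int fixed)
{
    struct helper *cur, *last = (struct helper *)args[1];
    for (; args[0] < HSIZE; args[0]++) {
restart:
        for (cur = bucket(args[0]); cur; cur = cur->next) {
            if (args[1]) {
                if (cur != last)
                    continue;            /* still searching for "last" */
                args[1] = 0;
            }
            /* the entry would be written to the reply here */
        }
        if (fixed && args[1]) { args[1] = 0; goto restart; }  /* in bounds */
    }
    if (!fixed && args[1]) { args[1] = 0; goto restart; }  /* args[0] == HSIZE */
}

/* Constructed scenario: "last" was unlinked between two dump rounds. */
static int oob_after_stale_last(int fixed)
{
    static struct helper live, deleted;  /* "deleted" is in no bucket */
    table[0] = &live;
    args[0] = 0; args[1] = (unsigned long)&deleted; oob_reads = 0;
    dump(fixed);
    return oob_reads;
}

int main(void)
{
    printf("OOB bucket reads: buggy=%d fixed=%d\n",
           oob_after_stale_last(0), oob_after_stale_last(1));
    return 0;
}
```

With the restart inside the loop the stale pointer is cleared while args[0] still names a valid bucket, and that bucket is walked again from its head.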

Technical Analysis

CVE-2026-43450 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-43450
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: May 8, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43450 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.