HOMEVULNERABILITIESCVE-2026-46124
HIGH

CVE-2026-46124

Published: May 28, 2026· Updated: Jun 1, 2026

7.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:5.2th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate block number from NFS file handle in isofs_export_iget

isofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-

controlled block number (ifid->block or ifid->parent_block) from

the NFS file handle to isofs_export_iget(), which only rejects

block == 0 before calling isofs_iget() and ultimately sb_bread().

A crafted file handle with fh_len sufficient to pass the check

added by commit 0405d4b63d08 ("isofs: Prevent the use of too small

fid") can still drive the server to read any in-range block on the

backing device as if it were an iso_directory_record. That earlier

fix was assigned CVE-2025-37780.

sb_bread() on an out-of-range block returns NULL cleanly via the

EIO path, so there is no memory-safety violation. For in-range

reads of adjacent-partition data on the same block device, the

unrelated bytes end up in iso_inode_info fields that reach the NFS

client as dentry metadata. The deployment surface (isofs exported

over NFS from loop-mounted images) is narrow and requires an

authenticated NFS peer, but the malformed-file-handle class is

reportable as hardening next to the existing CVE-2025-37780 fix.

Reject block >= ISOFS_SB(sb)->s_nzones in isofs_export_iget() so

the check covers both isofs_fh_to_dentry() and isofs_fh_to_parent()

call sites with a single line.

NVD Source

Technical Analysis

CVE-2026-46124 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 7.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityNone
AvailabilityNone
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (8)

Quick Facts

CVE IDCVE-2026-46124
CVSS Score7.5 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 28, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46124 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.