HOMEVULNERABILITIESCVE-2026-46333
HIGH

CVE-2026-46333

Published: May 15, 2026· Updated: May 21, 2026

7.1
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:0.4th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic

The 'dumpability' of a task is fundamentally about the memory image of

the task - the concept comes from whether it can core dump or not - and

makes no sense when you don't have an associated mm.

And almost all users do in fact use it only for the case where the task

has a mm pointer.

But we have one odd special case: ptrace_may_access() uses 'dumpable' to

check various other things entirely independently of the MM (typically

explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for

threads that no longer have a VM (and maybe never did, like most kernel

threads).

It's not what this flag was designed for, but it is what it is.

The ptrace code does check that the uid/gid matches, so you do have to

be uid-0 to see kernel thread details, but this means that the

traditional "drop capabilities" model doesn't make any difference for

this all.

Make it all make a *bit* more sense by saying that if you don't have a

MM pointer, we'll use a cached "last dumpability" flag if the thread

ever had a MM (it will be zero for kernel threads since it is never

set), and require a proper CAP_SYS_PTRACE capability to override.

NVD Source

Technical Analysis

CVE-2026-46333 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), with a CVSS base score of 7.1.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

News & Research Mentioning CVE-2026-46333

Impact of Linux Kernel vulnerabilities on B&R products
CISA Alerts· Jun 23, 2026

View CSAF Summary B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected: Linux for B&R /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true Impact assessment: Disabling the algif_aead module removes the AEAD socket interface f [xlite_meta score:73 src:CISA Alerts xlite_fp:968f2d14c6ec3bfdadee07587780c6e8463e784ec0d508add5363b4e4f849d1f]

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
The Hacker News· May 21, 2026

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major [xlite_meta score:50 src:The Hacker News xlite_fp:75b6b296ee64a41d42a7c5f5f4c84bb639c047f1af8d1f54f2d1a29c217457d1]

All References (14)

Quick Facts

CVE IDCVE-2026-46333
CVSS Score7.1 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.01%
PublishedMay 15, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46333 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.