Severity: NONE

CVE-2026-52911

Published: June 21, 2026 · Updated: Jun 21, 2026

EPSS: 0.18% probability of exploitation in 30 days · Percentile: 7.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: scope conn->binding slowpath to bound sessions only

When the binding SESSION_SETUP sets conn->binding = true, the flag stays set after the call so that the global session lookup in ksmbd_session_lookup_all() can find the session, which was not added to conn->sessions. Because the flag is connection-wide, the global lookup path will also resolve any other session by id if asked.

Tighten the global lookup so that the returned session must have this connection registered in its channel xarray (sess->ksmbd_chann_list). The channel entry is installed by the existing binding_session path in ntlm_authenticate()/krb5_authenticate() when a SESSION_SETUP completes successfully, so this condition is a strict equivalent of "this connection has been accepted as a channel of this session". Connections that have not bound to a given session cannot reach it via the global table.

The existing conn->binding gate for entering the slowpath is preserved so that non-binding connections keep the fast-path-only behavior, and the session->state check is unchanged.

NVD Source
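
The following userspace model is an added example, not the kernel's or the patch's own code. It contrasts the slow-path lookup gated only by the connection-wide flag with the tightened version that also requires channel membership. The struct layouts, the fixed-size `chan` array (standing in for sess->ksmbd_chann_list), the function names and the two-entry session table are assumptions made for illustration; the conn->sessions fast path and the session->state check are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CHAN 4
struct conn { bool binding; };            /* connection-wide flag, as in conn->binding */
struct session {
    unsigned long long id;
    const struct conn *chan[MAX_CHAN];    /* stands in for sess->ksmbd_chann_list */
};

/* Constructed global session table holding two unrelated sessions. */
static struct session table[] = { { .id = 1 }, { .id = 2 } };

static struct session *global_find(unsigned long long id)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].id == id)
            return &table[i];
    return NULL;
}

static bool is_channel(const struct session *s, const struct conn *c)
{
    for (size_t i = 0; i < MAX_CHAN; i++)
        if (s->chan[i] == c)
            return true;
    return false;
}

/* Before: the connection-wide flag alone opens the whole global table. */
struct session *slowpath_before(const struct conn *c, unsigned long long id)
{
    return c->binding ? global_find(id) : NULL;
}

/* After: the session must also list this connection as one of its channels. */
struct session *slowpath_after(const struct conn *c, unsigned long long id)
{
    struct session *s = c->binding ? global_find(id) : NULL;
    return (s && is_channel(s, c)) ? s : NULL;
}

int main(void)
{
    struct conn c = { .binding = true };
    table[0].chan[0] = &c;                /* c was accepted as a channel of session 1 only */
    printf("before, id 2: %s\n", slowpath_before(&c, 2) ? "found" : "none");
    printf("after,  id 2: %s\n", slowpath_after(&c, 2) ? "found" : "none");
    printf("after,  id 1: %s\n", slowpath_after(&c, 1) ? "found" : "none");
    return 0;
}
```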

Technical Analysis

CVE-2026-52911 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-52911
Severity: NONE
CISA KEV: No
EPSS (30d): 0.18%
Published: Jun 21, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-52911 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.