
CVE-2026-53263

Published: June 25, 2026 · Updated: Jun 30, 2026

EPSS: 0.17% probability of exploitation in 30 days · Percentile: 6.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

6lowpan: fix off-by-one in multicast context address compression

The second memcpy in lowpan_iphc_mcast_ctx_addr_compress() uses &data[1] as destination and &ipaddr->s6_addr[11] as source, but both should be offset by one: &data[2] and &ipaddr->s6_addr[12] respectively.

This off-by-one has two consequences:

1. data[1] is overwritten with s6_addr[11], corrupting the RIID field in the compressed multicast address
2. data[5] is never written, so uninitialized kernel stack memory is transmitted over the network via lowpan_push_hc_data(), leaking kernel stack contents

The correct inline data layout must match what the decompression function lowpan_uncompress_multicast_ctx_daddr() expects:

  data[0..1] = s6_addr[1..2] (flags/scope + RIID)
  data[2..5] = s6_addr[12..15] (group ID)

Also zero-initialize the data array as a defensive measure against similar bugs in the future.

NVD Source
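
A user-space model of the two layouts described above, added here as an illustration and not taken from the kernel source or the fix. The function names, the 0xAA marker standing in for uninitialized stack bytes, the sample address and the first two-byte copy are assumptions; the offsets and the four-byte group ID length follow the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover stack bytes */

/* Constructed sample: ff3e:40:2001:db8:0:1:1234:5678, so s6_addr[11] = 0x01 */
static const uint8_t SAMPLE[16] = { 0xff, 0x3e, 0x00, 0x40, 0x20, 0x01, 0x0d, 0xb8,
                                    0x00, 0x00, 0x00, 0x01, 0x12, 0x34, 0x56, 0x78 };

/* Pre-fix offsets from the description: the second copy lands one byte early. */
static void compress_buggy(const uint8_t *a, uint8_t *data)
{
    memset(data, STALE, 6);       /* model an array that was never initialized */
    memcpy(data, &a[1], 2);       /* flags/scope + RIID (assumed first copy) */
    memcpy(&data[1], &a[11], 4);  /* overwrites data[1], never reaches data[5] */
}

/* Fixed offsets plus the zero-initialization the fix adds. */
static void compress_fixed(const uint8_t *a, uint8_t *data)
{
    memset(data, 0, 6);
    memcpy(data, &a[1], 2);       /* data[0..1] = s6_addr[1..2] */
    memcpy(&data[2], &a[12], 4);  /* data[2..5] = s6_addr[12..15] */
}

/* Receiver side, reduced to the inline bytes; context prefix handling omitted. */
static void uncompress(const uint8_t *data, uint8_t *a)
{
    memset(a, 0, 16);
    a[0] = 0xff;
    memcpy(&a[1], data, 2);
    memcpy(&a[12], &data[2], 4);
}

int main(void)
{
    uint8_t bad[6], good[6], back[16];

    compress_buggy(SAMPLE, bad);
    compress_fixed(SAMPLE, good);
    uncompress(good, back);
    for (int i = 0; i < 6; i++)
        printf("data[%d] buggy=%02x fixed=%02x\n", i, bad[i], good[i]);
    return memcmp(&back[12], &SAMPLE[12], 4) != 0;
}
```

In the buggy output, data[1] carries s6_addr[11] instead of the RIID and data[5] still holds the marker byte, which is the position that would go out on the wire unwritten.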

Technical Analysis

CVE-2026-53263 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

All References (8)

Quick Facts

CVE ID: CVE-2026-53263
Severity: NONE
CISA KEV: No
EPSS (30d): 0.17%
Published: Jun 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53263 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.