HOMEVULNERABILITIESCVE-2026-53266
HIGH

CVE-2026-53266

Published: June 25, 2026· Updated: Jun 30, 2026

8.8
CVSS v3.1
EPSS:0.17%probability of exploitation in 30 daysPercentile:6.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bridge: make ebt_snat ARP rewrite writable

The ebtables SNAT target keeps the Ethernet source address rewrite

behind skb_ensure_writable(skb, 0). This is intentional: at the bridge

ebtables hooks the Ethernet header is addressed through

skb_mac_header()/eth_hdr(), while skb->data points at the Ethernet

payload. Asking skb_ensure_writable() for ETH_HLEN bytes would check

the payload, not the Ethernet header, and would reintroduce the small

packet regression fixed by commit 63137bc5882a.

However, the optional ARP sender hardware address rewrite is different.

It writes through skb_store_bits() at an offset relative to skb->data:

skb_store_bits(skb, sizeof(struct arphdr), info->mac, ETH_ALEN)

skb_header_pointer() only safely reads the ARP header; it does not make

the later sender hardware address range writable. If that range is

still held in a nonlinear skb fragment backed by a splice-imported file

page, skb_store_bits() maps the frag page and copies the new MAC address

directly into it.

Ensure the ARP SHA range is writable before reading the ARP header and

before calling skb_store_bits().

NVD Source

Technical Analysis

CVE-2026-53266 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 8.8.

The vulnerability has a "Changed" scope, meaning successful exploitation can impact components beyond the vulnerable component itself — such as the host operating system or adjacent services.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeChanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (8)

Quick Facts

CVE IDCVE-2026-53266
CVSS Score8.8 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.17%
PublishedJun 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53266 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.