Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-31682 -- CVSS 9.1 Vulnerability Briefing

CVE-2026-31682 | CVSS 9.1 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-31682 is a memory safety vulnerability in the Linux kernel's network bridge subsystem, specifically in the br_nd_send() function responsible for handling IPv6 Neighbour Discovery (ND) protocol messages.

Technical Detail

The flaw exists because br_nd_send() parses Neighbour Discovery options from a socket buffer (skb) via ns->opt[] without first linearizing the skb, meaning the data may be fragmented across non-contiguous memory regions. An attacker capable of injecting or influencing crafted ND packets through a bridged network interface could trigger out-of-bounds memory access by causing the parser to read beyond valid buffer boundaries. Depending on kernel configuration and memory layout, this could result in a local or remote denial of service, information disclosure, or potentially privilege escalation within the kernel context.

Exploitation Status

No known exploit exists for this vulnerability at this time. The exploit maturity is assessed as none, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. There is no public proof-of-concept code confirmed as of May 2, 2026.

Who Is Targeting This

No specific threat actor attribution at this time. The vulnerability has not been linked to any observed campaigns or targeted sector activity.

What To Do

Apply the upstream Linux kernel patch that introduces skb linearization in br_nd_send() prior to ND option parsing. Organizations running Linux systems with bridging and IPv6 enabled should prioritize patching, particularly in environments where untrusted hosts share a bridged network segment. Distribution maintainers should be monitored for backported fixes to stable and LTS kernel branches. As an interim workaround, disabling IPv6 on bridge interfaces where it is not operationally required reduces exposure. Detection can be aided by monitoring kernel logs for memory access anomalies or unexpected crashes in the bridge or IPv6 subsystems.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →