216.73.217.64

CVE-2026-43916

· Published 12/05/2026 14:17 · Modified 13/05/2026 18:27

Labels: CVE-2026-43916 2026-05-12CVE-2026-43916CWE-125[email protected]

Essential information

Published
12/05/2026 14:17
Modified
13/05/2026 18:27
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed a crafted NETLINK_SOCK_DIAG reply to slip past the message-size check, then dereference past the end of the allocation. This vulnerability is fixed in 0.2.0-alpha.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / pam authnft cpe:2.3:a:*:pam_authnft:<0.2.0-alpha:*:*:*:*:*:*:*

References