Cyber Resilience

CVE-2026-31679

High

Published: 25 April 2026

Modified: 06 May 2026
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0002 (4.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-31679 is a high-severity vulnerability in the Linux kernel; its weakness class is unspecified. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE is ranked at the 4.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-31679 is a vulnerability in the Linux kernel's Open vSwitch implementation, specifically affecting the handling of MPLS set and set_masked actions. The validate_set() function previously accepted OVS_KEY_ATTR_MPLS as a variable-sized payload, while downstream action handling expected a fixed-size struct ovs_key_mpls. This mismatch allowed invalid MPLS action payload lengths to proceed, which has now been addressed by using the normalized key_len to reject non-matching sizes early.
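A simplified userspace model of the length check described above, as an added example; it is not the kernel's code and not taken from the patch. The function names, the odd-length rejection for masked payloads and the sample lengths are assumptions made here; only struct ovs_key_mpls and the key_len normalization come from the advisory text.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed-size MPLS key the action handler expects: one label stack entry. */
struct ovs_key_mpls {
    uint32_t mpls_lse; /* big-endian in the real UAPI header */
};

/* Model of the pre-fix check: MPLS is treated as variable-sized, so the
 * payload length is never compared with sizeof(struct ovs_key_mpls). */
static int validate_mpls_set_before(size_t attr_len, bool masked)
{
    (void)attr_len;
    (void)masked;
    return 0;
}

/* Model of the fixed check: normalize to key_len, then require an exact match. */
static int validate_mpls_set_after(size_t attr_len, bool masked)
{
    size_t key_len = attr_len;

    if (masked) {
        if (attr_len % 2) /* extra strictness of this model: key and mask must pair up */
            return -EINVAL;
        key_len = attr_len / 2; /* masked payload carries key followed by mask */
    }
    return key_len == sizeof(struct ovs_key_mpls) ? 0 : -EINVAL;
}

/* Bytes a fixed-size reader would touch beyond a key of key_len bytes. */
static size_t bytes_read_past_payload(size_t key_len)
{
    return key_len < sizeof(struct ovs_key_mpls) ? sizeof(struct ovs_key_mpls) - key_len : 0;
}

int main(void)
{
    /* Constructed sample lengths: {attribute length, masked?} */
    const struct { size_t len; bool masked; } cases[] = { {4, false}, {2, false}, {8, true}, {4, true}, {9, true} };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        size_t key_len = cases[i].masked ? cases[i].len / 2 : cases[i].len;
        printf("len=%zu masked=%d before=%d after=%d overread=%zu\n", cases[i].len, cases[i].masked, validate_mpls_set_before(cases[i].len, cases[i].masked), validate_mpls_set_after(cases[i].len, cases[i].masked), bytes_read_past_payload(key_len));
    }
    return 0;
}
```

The rows where `before` is 0 and `after` is `-EINVAL` are the payload sizes the early length check now rejects before they reach a handler that assumes the fixed-size struct.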

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required, as indicated by its CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). Successful exploitation enables high-impact confidentiality and availability violations, such as potential information disclosure or denial of service, without affecting integrity or changing the scope.

Mitigation is provided through kernel patches available in stable releases, as documented in the following commit references: https://git.kernel.org/stable/c/2ca33b88a79ca42f017ae0f7011280325655438e, https://git.kernel.org/stable/c/4cae986225f8b8679ad86b924918e7d75a96aa61, https://git.kernel.org/stable/c/546b68ac893595877ffbd7751e5c55fd1c43ede6, https://git.kernel.org/stable/c/68f32ef0683c8d1c05cd2e4f16818fa63ff59c6f, and https://git.kernel.org/stable/c/8ed7b9930cbc3bc71f868fa79a68700ac88d586a. Security practitioners should apply these updates to affected Linux kernels running Open vSwitch.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/set_masked payload length. validate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for SET/SET_MASKED actions. In action handling, OVS expects fixed-size MPLS key data (struct ovs_key_mpls). Use the already normalized key_len (masked case included) and reject non-matching MPLS action key sizes. Reject invalid MPLS action payload lengths early.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Local kernel validation flaw in OVS MPLS handling directly enables memory disclosure (supporting credential access via exploitation) and system/application crashes (Application or System Exploitation for DoS).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31674 (Same product: Linux Linux Kernel)
CVE-2025-21743 (Same product: Linux Linux Kernel)
CVE-2026-31484 (Same product: Linux Linux Kernel)
CVE-2026-31568 (Same product: Linux Linux Kernel)
CVE-2026-23327 (Same product: Linux Linux Kernel)
CVE-2026-43028 (Same product: Linux Linux Kernel)
CVE-2026-31774 (Same product: Linux Linux Kernel)
CVE-2026-23325 (Same product: Linux Linux Kernel)
CVE-2026-43042 (Same product: Linux Linux Kernel)
CVE-2024-57945 (Same product: Linux Linux Kernel)

Affected Assets

linux
linux kernel
7.0 · 5.5 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.168

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Timely remediation through application of the specific Linux kernel patches resolves the invalid MPLS payload length validation flaw in Open vSwitch.

Prevent: Enforces validation of information inputs such as OVS_KEY_ATTR_MPLS payloads to reject variable-sized data mismatched with fixed struct ovs_key_mpls expectations.

Detect: Vulnerability scanning identifies the presence of CVE-2026-31679 in affected Linux kernels running Open vSwitch, enabling prompt patching.
