CVE-2026-31679
Published: 25 April 2026
Summary
CVE-2026-31679 is a high-severity vulnerability, with no weakness class specified, in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 4.2 percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-31679 is a vulnerability in the Linux kernel's Open vSwitch implementation, specifically affecting the handling of MPLS set and set_masked actions. The validate_set() function previously accepted OVS_KEY_ATTR_MPLS as a variable-sized payload, while downstream action handling expected a fixed-size struct ovs_key_mpls. This mismatch allowed invalid MPLS action payload lengths to proceed, which has now been addressed by using the normalized key_len to reject non-matching sizes early.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required, as indicated by its CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). Successful exploitation enables high-impact confidentiality and availability violations, such as potential information disclosure or denial of service, without affecting integrity or changing the scope.
Mitigation is provided through kernel patches available in stable releases, as documented in the following commit references:
- https://git.kernel.org/stable/c/2ca33b88a79ca42f017ae0f7011280325655438e
- https://git.kernel.org/stable/c/4cae986225f8b8679ad86b924918e7d75a96aa61
- https://git.kernel.org/stable/c/546b68ac893595877ffbd7751e5c55fd1c43ede6
- https://git.kernel.org/stable/c/68f32ef0683c8d1c05cd2e4f16818fa63ff59c6f
- https://git.kernel.org/stable/c/8ed7b9930cbc3bc71f868fa79a68700ac88d586a
Security practitioners should apply these updates to affected Linux kernels running Open vSwitch.
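The length check described in the analysis above, as a user-space C model added here for illustration; it is not the kernel's code or the patch. The struct mpls_key_model stand-in, the function names and the sample lengths are assumptions made for the example, and the "variable" check models the pre-patch behaviour only as far as this page describes it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in (assumption) for the fixed-size key the action
 * handler expects: one 32-bit MPLS label stack entry. */
struct mpls_key_model { uint32_t mpls_lse; };
#define MPLS_KEY_SIZE sizeof(struct mpls_key_model)

/* A SET_MASKED payload carries key followed by mask, so the key is half of
 * it. An odd masked payload cannot split evenly: return 0 so it never matches. */
static size_t normalized_key_len(size_t payload_len, bool masked)
{
    if (!masked)
        return payload_len;
    return (payload_len % 2 == 0) ? payload_len / 2 : 0;
}

/* Weak check (modelled assumption): "variable-sized" = any non-empty payload. */
bool mpls_len_ok_variable(size_t payload_len)
{
    return payload_len > 0;
}

/* Corrected check: the normalized key length must equal the fixed struct
 * size exactly, for SET and SET_MASKED alike. */
bool mpls_len_ok_fixed(size_t payload_len, bool masked)
{
    return normalized_key_len(payload_len, masked) == MPLS_KEY_SIZE;
}

/* Bytes a fixed-size read would need beyond the key actually supplied. */
size_t mpls_key_shortfall(size_t payload_len, bool masked)
{
    size_t key_len = normalized_key_len(payload_len, masked);
    return key_len < MPLS_KEY_SIZE ? MPLS_KEY_SIZE - key_len : 0;
}

int main(void)
{
    /* Constructed sample payloads: {length in bytes, masked}. */
    const struct { size_t len; bool masked; } cases[] = {
        {4, false}, {8, true}, {2, false}, {4, true}, {12, false}, {7, true} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("len=%zu masked=%d variable=%d fixed=%d shortfall=%zu\n",
               cases[i].len, cases[i].masked, mpls_len_ok_variable(cases[i].len),
               mpls_len_ok_fixed(cases[i].len, cases[i].masked),
               mpls_key_shortfall(cases[i].len, cases[i].masked));
    return 0;
}
```

Only the 4-byte SET payload and the 8-byte SET_MASKED payload pass the fixed-size check; every other sample passes the variable-size model and is rejected by the corrected one.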
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25646
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: validate MPLS set/set_masked payload length
validate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for SET/SET_MASKED actions. In action handling, OVS expects fixed-size MPLS key data (struct ovs_key_mpls). Use the already normalized key_len (masked case included) and reject non-matching MPLS action key sizes. Reject invalid MPLS action payload lengths early.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Local kernel validation flaw in OVS MPLS handling directly enables memory disclosure (supporting credential access via exploitation) and system/application crashes (Application or System Exploitation for DoS).
Mitigating Controls (NIST 800-53 r5) AI
Timely remediation through application of the specific Linux kernel patches resolves the invalid MPLS payload length validation flaw in Open vSwitch.
Enforces validation of information inputs such as OVS_KEY_ATTR_MPLS payloads to reject variable-sized data mismatched with fixed struct ovs_key_mpls expectations.
Vulnerability scanning identifies the presence of CVE-2026-31679 in affected Linux kernels running Open vSwitch, enabling prompt patching.