Cyber Resilience

CVE-2026-43291

High

Published: 08 May 2026

Modified: 14 May 2026
KEV Added
Patch
CVSS Score v3.1: 8.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
EPSS Score: 0.0027 (18.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-43291 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in the Linux kernel. Its CVSS base score is 8.3 (High).

Operationally, it is ranked at the 18.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: nci: Fix parameter validation for packet data

Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

Affected Assets

linux
linux kernel
5.15.195 — 5.15.202 · 6.1.156 — 6.1.165 · 6.6.112 — 6.6.128

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References