Cyber Resilience

CVE-2026-47331

High · Updated

Published: 28 May 2026

Modified: 09 June 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (1.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-47331 is a high-severity Use After Free (CWE-416) vulnerability in Canonical Ubuntu Linux. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.

CWE(s)

CWE-416 (Use After Free)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068: Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local unprivileged UAF in kernel AppArmor leads directly to arbitrary code execution, enabling privilege escalation via exploitation of the OS kernel.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3888 · Same product: Canonical Ubuntu Linux
CVE-2026-47333 · Same product: Canonical Ubuntu Linux
CVE-2026-34179 · Same vendor: Canonical
CVE-2025-33208 · Same product: Canonical Ubuntu Linux
CVE-2026-9946 · Shared CWE-416
CVE-2026-23413 · Shared CWE-416
CVE-2024-57896 · Shared CWE-416
CVE-2022-49524 · Shared CWE-416
CVE-2026-23415 · Shared CWE-416
CVE-2026-9937 · Shared CWE-416

Affected Assets

Vendor: canonical
Product: ubuntu linux
Versions: 24.04, 25.10, 26.04

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-416

Use-after-free exploits that aim for arbitrary code execution are blocked or made significantly harder by non-executable pages and ASLR.
