CVE-2026-53006
Published: 24 June 2026
Summary
CVE-2026-53006 is a critical-severity Expired Pointer Dereference (CWE-825) vulnerability in the Linux kernel (product inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 29.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-38874
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible UAF in icmpv6_rcv()
Caching saddr and daddr before pskb_pull() is problematic since skb->head can change.
Remove these temporary variables:
- We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() is called in the slow path.
- Avoid potential future misuse after pskb_pull() call.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
UAF in network-facing icmpv6_rcv() enables remote exploitation of public-facing kernel code (T1190) and kernel-level privilege escalation (T1068).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.