CVE-2026-31478

Daily digests

A buffer calculation bug in ksmbd (the in-kernel SMB3 server) can be triggered remotely. The CVSS 9.8 score signals unauthenticated remote exploitation is likely possible, though the terse commit message leaves exact impact unclear. If you expose ksmbd on any network, treat this as a potential remote code execution path.

• Daily Digest · Apr 30, 2026

  ksmbd RCE (9.8) + Wazuh cluster write-to-RCE