CVE-2026-31705

Daily digests

ksmbd, the in-kernel SMB3 server in Linux, has an out-of-bounds write bug in its extended-attribute handling (smb2_get_ea). An attacker who can reach the SMB service could potentially get remote code execution at kernel level with no authentication. CVSS 9.8 says it all: if you expose ksmbd to any network, this is a top-priority fix.

• Daily Digest · May 5, 2026

  Linux ksmbd RCE (9.8) + 4 more to review