CVE-2026-31718

Daily digests

A use-after-free bug in ksmbd (the in-kernel SMB server on Linux) lets a remote attacker potentially execute code or crash the system by triggering a race condition through durable file handle scavenging. CVSS 9.8 makes this critical. If you expose ksmbd to the network, an attacker may not need credentials to trigger it.

• Daily Digest · May 8, 2026

  Linux ksmbd RCE (9.8) + Azure Cloud Shell injection