Is CVE-2026-31626 actively exploited?

CVE-2026-31626 has no public evidence of in-the-wild exploitation as of 2026-04-27.

What is the CVSS score for CVE-2026-31626?

CVE-2026-31626 has a CVSS score of 7.1 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H.

How do I patch CVE-2026-31626?

Patch guidance is available from linux security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-31626.

Fix CVE-2026-31626 - HIGH linux linux kernel

Q: Which products are affected by CVE-2026-31626?

5 products: linux linux kernel, linux linux kernel, linux linux kernel, linux linux kernel, linux linux kernel.

Description

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized: drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes) Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: high
Weaknesses: CWE-908

Metadata

Primary Vendor: LINUX
Published: 4/24/2026
Last Modified: 4/27/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

linux : linux_kernellinux : linux_kernellinux : linux_kernellinux : linux_kernellinux : linux_kernel

Remediation Guidance

Executive Summary

View on NIST NVD