CVE-2026-31684

MEDIUMNVD 5.55.5
EchelonGraph scoreMEDIUM confidence

Score 5.5 from GitHub Security Advisory published 2026-04-25. NVD baseline CVSS 5.5; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
5.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 5.5Exploit: NoneExposed: 0

A fix is available — apply it.

In the Linux kernel, the following vulnerability has been resolved:

net: sched: act_csum: validate nested VLAN headers

tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb still carries in-payload VLAN tags. The current code reads vlan->h_vlan_encapsulated_proto and then pulls VLAN_HLEN bytes without first ensuring that the full VLAN header is present in the linear area.

If only part of an inner VLAN header is linearized, accessing h_vlan_encapsulated_proto reads past the linear area, and the following skb_pull(VLAN_HLEN) may violate skb invariants.

Fix this by requiring pskb_may_pull(skb, VLAN_HLEN) before accessing and pulling each nested VLAN header. If the header still is not fully available, drop the packet through the existing error path.

CVSS v3
5.5
EG Score
5.5(medium)
EPSS
1.9%
KEV
Not listed

Published

April 25, 2026

Last Modified

June 1, 2026

Advisory Details (5)

Auto-updated May 6, 2026
No patch confirmed yet.
generic

net: sched: act_csum: validate nested VLAN headers - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/ec4930979b3f7bbeb7af5744599fc6603a4dba62
generic

net: sched: act_csum: validate nested VLAN headers - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/eb3765b90eb8f2a3d6310a80c14a9e57ec4267a2
generic

net: sched: act_csum: validate nested VLAN headers - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c842743d073bdd683606cb414eb0ca84465dd834
generic

net: sched: act_csum: validate nested VLAN headers - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/a69738efea0996d05a3c7d2178551b891744df1b
generic

net: sched: act_csum: validate nested VLAN headers - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/3d165d975305cf76ff0b10a3c798fb31e5f5f9a5

Patch Availability(4)

Vendor / EcosystemFixed in / PatchReleasedSource
redhatkernel-0:6.12.0-211.18.1.el10_22026-05-28redhat
redhatkernel-rt-0:4.18.0-553.126.1.rt7.467.el8_102026-05-28redhat
redhatkernel-0:4.18.0-553.126.1.el8_102026-05-28redhat
redhatkernel-0:5.14.0-687.12.1.el9_82026-05-28redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Frequently asked(5)

What is CVE-2026-31684?
CVE-2026-31684 is a medium vulnerability published on April 25, 2026. In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcfcsumact() walks nested VLAN headers directly from skb->data when an skb still carries in-payload VLAN tags. The current code reads vlan->hvlanencapsulatedproto and then pulls…
When was CVE-2026-31684 disclosed?
CVE-2026-31684 was first published in the National Vulnerability Database on April 25, 2026, with the most recent update on June 1, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-31684 actively exploited?
CVE-2026-31684 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 1.9% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-31684?
CVE-2026-31684 has a CVSS v3 base score of 5.5 (NVD).
How do I remediate CVE-2026-31684?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-31684, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-31684

Explore →

Is Your Infrastructure Affected by CVE-2026-31684?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.