CVE-2026-46128

MEDIUMNVD 5.55.5
EchelonGraph scoreMEDIUM confidence

Score 5.5 from GitHub Security Advisory published 2026-05-28. NVD baseline CVSS 5.5; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
Trending — 4 sources updated this week
5.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 5.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Check event message buffer response for bad data

The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty message instead of an error when fetching events.

There are apparently some new BMCs that make this error, so we need to compensate.

CVSS v3
5.5
EG Score
5.5(medium)
EPSS
2.8%
KEV
Not listed

Published

May 28, 2026

Last Modified

June 24, 2026

Advisory Details (8)

Auto-updated Jun 24, 2026
No patch confirmed yet.
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/cf1ef30c42a7079e5bad863cd01c52aa3a17c3ac
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/474e53d4397087913a5b9c9eb90fa068da4808bf
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d
generic

ipmi: Check event message buffer response for bad data - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/01f8387fa5b796f13cf50014c171f6da7abc46ea

Vendor Advisories for CVE-2026-46128(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Frequently asked(5)

What is CVE-2026-46128?
CVE-2026-46128 is a medium vulnerability published on May 28, 2026. In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty…
When was CVE-2026-46128 disclosed?
CVE-2026-46128 was first published in the National Vulnerability Database on May 28, 2026, with the most recent update on June 24, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-46128 actively exploited?
CVE-2026-46128 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 2.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-46128?
CVE-2026-46128 has a CVSS v3 base score of 5.5 (NVD).
How do I remediate CVE-2026-46128?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-46128, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-46128

Explore →

Is Your Infrastructure Affected by CVE-2026-46128?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.