CVE-2026-53208

MEDIUMNVD 5.55.5
EchelonGraph scoreHIGH confidence

Score 5.5 from GitHub Security Advisory published 2026-06-25. NVD baseline CVSS 5.5; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
Trending — 4 sources updated this week
5.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 5.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig

net/bluetooth/l2cap_core.c:l2cap_sig_channel() accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU (MTUsig). A Bluetooth BR/EDR peer within radio range can send a fixed-channel CID 0x0001 packet that is larger than MTUsig and contains many L2CAP_ECHO_REQ commands before pairing. In a real-radio stock-kernel run, one 681-byte signaling packet containing 168 zero-length ECHO_REQ commands made the target transmit 168 ECHO_RSP frames over about 220 ms.

Impact: a Bluetooth BR/EDR peer within radio range, before pairing, can force 168 ECHO_RSP frames from one 681-byte fixed-channel signaling packet containing packed ECHO_REQ commands.

Define Linux's BR/EDR signaling MTU as the spec minimum of 48 bytes and reject any larger signaling packet with one L2CAP_COMMAND_REJECT_RSP carrying L2CAP_REJ_MTU_EXCEEDED before any command is dispatched.

The Bluetooth Core spec wording for MTUExceeded says the reject identifier shall match the first request command in the packet, and that packets containing only responses shall be silently discarded. Linux intentionally deviates from that prescription: silently discarding desynchronizes the peer because the remote stack never learns its responses were dropped, and locating the first request command requires walking command headers past MTUsig, i.e. processing bytes from a packet we have already decided is too large to process. We therefore always emit one reject and use the identifier from the first command header, a single fixed-offset byte read.

The unrestricted BR/EDR signaling parser and ECHO_REQ response path both trace to the initial git import; no later introducing commit is available for a Fixes tag.

CVSS v3
5.5
EG Score
5.5(high)
EPSS
2.4%
KEV
Not listed

Published

June 25, 2026

Last Modified

July 2, 2026

Advisory Details (8)

Auto-updated Jul 3, 2026
No patch confirmed yet.
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/fa5823126239b3e453fac1a2fe50726c7f4a55e1
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/e2b8acf9405bd9b1baf1c54dc897b0905db689bf
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/e05c4ac575b457978a7ef441053394169084869c
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/dedc92b96dc1d8919a3bdf2495ede68922ef7ebc
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/dd214733544427587a95f66dbf3adff072568990
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/b20e8a98dd29b121f58fcdf51e8576119aba536a
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/a8335f3db15bd1e0e82e0db5d488fabc7d10d1ab
generic

Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/214a2042b16b3c8d798a8b9ef9f36094f13a9859

Vendor Advisories for CVE-2026-53208(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 20× in last 7d / 31× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-06 21:32 UTCEG score recompute
  2. 2026-07-06 21:32 UTCGHSA enrichment
  3. 2026-07-06 16:27 UTCEPSS rescore
  4. 2026-07-06 16:27 UTCEPSS rescore
  5. 2026-07-06 02:23 UTCEPSS rescore
  6. 2026-07-06 02:23 UTCEPSS rescore
  7. 2026-07-05 21:30 UTCEG score recompute
  8. 2026-07-05 21:30 UTCGHSA enrichment
  9. 2026-07-05 02:31 UTCEPSS rescore
  10. 2026-07-05 02:30 UTCEPSS rescore
  11. 2026-07-04 21:28 UTCEG score recompute
  12. 2026-07-04 21:28 UTCGHSA enrichment
  13. 2026-07-04 06:31 UTCEPSS rescore
  14. 2026-07-04 06:31 UTCEPSS rescore
  15. 2026-07-03 21:26 UTCEG score recompute 5.50
  16. 2026-07-03 21:26 UTCGHSA enrichment
  17. 2026-07-02 22:05 UTCNVD updateCVSS v3 → 5.5 · severity → MEDIUM
  18. 2026-07-01 15:07 UTCEPSS rescore
  19. 2026-07-01 01:40 UTCGHSA enrichment
  20. 2026-06-30 23:22 UTCEPSS rescore
  21. 2026-06-29 08:04 UTCNVD update
  22. 2026-06-29 05:17 UTCMITRE cvelistV5
  23. 2026-06-28 14:07 UTCEPSS rescore
  24. 2026-06-28 05:53 UTCEG score recompute
  25. 2026-06-28 05:53 UTCGHSA enrichment
Show 6 more
  1. 2026-06-28 04:56 UTCEPSS rescore
  2. 2026-06-28 04:56 UTCEPSS rescore
  3. 2026-06-27 03:08 UTCEPSS rescore
  4. 2026-06-25 13:49 UTCEPSS rescore
  5. 2026-06-25 10:07 UTCEG score recompute
  6. 2026-06-25 10:07 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-53208?
CVE-2026-53208 is a medium vulnerability published on June 25, 2026. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsig_channel() accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU…
When was CVE-2026-53208 disclosed?
CVE-2026-53208 was first published in the National Vulnerability Database on June 25, 2026, with the most recent update on July 2, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-53208 actively exploited?
CVE-2026-53208 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 2.4% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-53208?
CVE-2026-53208 has a CVSS v3 base score of 5.5 (NVD).
How do I remediate CVE-2026-53208?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-53208, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-53208

Explore →

Is Your Infrastructure Affected by CVE-2026-53208?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.