CVE-2026-53216

CRITICALPre-NVD 9.89.8
EchelonGraph scoreHIGH confidence

Score 9.8 from GitHub Security Advisory (severity: CRITICAL) published 2026-06-25. a secondary CVSS source baseline 9.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, secondary
Trending — 3 sources updated this week
9.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 1%CVSS: 9.8Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: limit XDP frame size to the RX buffer

mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGE_SIZE. The XDP path nevertheless initializes every xdp_buff with PAGE_SIZE as frame size.

XDP helpers use frame_sz to validate tail growth and to derive the hard end of the data area. Advertising PAGE_SIZE for short buffers can let bpf_xdp_adjust_tail() grow a packet past the real allocation, corrupting memory or later tripping skb tailroom checks.

Initialize the XDP buffer with bm_pool->frag_size so XDP tailroom matches the actual buffer backing the packet.

CVSS v3
9.8
EG Score
9.8(high)
EPSS
41.8%
KEV
Not listed

Published

June 25, 2026

Last Modified

July 2, 2026

Advisory Details (7)

Auto-updated Jul 3, 2026
No patch confirmed yet.
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/f3c6aa078927e6fe8121c9c591ddee8716c5305a
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/ec8e1e5842bc0dbd4c272761f4db3651eecd0339
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/a3ee9231ccec6ec3be2de89c56f897055fd9eab1
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/994bd2b58d2bd08aa97ec0836cc813cfcb00d749
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/9545cc5ef18ca22d031f2f47c157192460652359
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/910617a4e67dbdd5fdb39d9dc6a51e491e1b2c3e
generic

net: mvpp2: limit XDP frame size to the RX buffer - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/3b8b0c3631b19faee53f0d15a49924129b063eec

Vendor Advisories for CVE-2026-53216(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 86× in last 7d / 98× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-07 04:00 UTCEG score recompute
  2. 2026-07-07 04:00 UTCGHSA enrichment
  3. 2026-07-06 23:54 UTCEG score recompute
  4. 2026-07-06 23:54 UTCGHSA enrichment
  5. 2026-07-06 20:01 UTCEG score recompute
  6. 2026-07-06 20:01 UTCGHSA enrichment
  7. 2026-07-06 16:27 UTCEPSS rescore
  8. 2026-07-06 16:27 UTCEPSS rescore
  9. 2026-07-06 16:07 UTCEG score recompute
  10. 2026-07-06 16:06 UTCGHSA enrichment
  11. 2026-07-06 12:12 UTCEG score recompute
  12. 2026-07-06 12:12 UTCGHSA enrichment
  13. 2026-07-06 08:03 UTCEG score recompute
  14. 2026-07-06 08:02 UTCGHSA enrichment
  15. 2026-07-06 04:04 UTCEG score recompute
  16. 2026-07-06 04:03 UTCGHSA enrichment
  17. 2026-07-06 02:23 UTCEPSS rescore
  18. 2026-07-06 02:23 UTCEPSS rescore
  19. 2026-07-06 00:12 UTCEG score recompute
  20. 2026-07-06 00:12 UTCGHSA enrichment
  21. 2026-07-05 20:21 UTCEG score recompute
  22. 2026-07-05 20:21 UTCGHSA enrichment
  23. 2026-07-05 16:30 UTCEG score recompute
  24. 2026-07-05 16:30 UTCGHSA enrichment
  25. 2026-07-05 12:33 UTCEG score recompute
Show 73 more
  1. 2026-07-05 12:32 UTCGHSA enrichment
  2. 2026-07-05 08:41 UTCEG score recompute
  3. 2026-07-05 08:41 UTCGHSA enrichment
  4. 2026-07-05 04:50 UTCEG score recompute
  5. 2026-07-05 04:50 UTCGHSA enrichment
  6. 2026-07-05 02:31 UTCEPSS rescore
  7. 2026-07-05 02:30 UTCEPSS rescore
  8. 2026-07-05 00:49 UTCEG score recompute
  9. 2026-07-05 00:49 UTCGHSA enrichment
  10. 2026-07-04 20:59 UTCEG score recompute
  11. 2026-07-04 20:59 UTCGHSA enrichment
  12. 2026-07-04 17:07 UTCEG score recompute
  13. 2026-07-04 17:07 UTCGHSA enrichment
  14. 2026-07-04 13:13 UTCEG score recompute
  15. 2026-07-04 13:13 UTCGHSA enrichment
  16. 2026-07-04 09:22 UTCEG score recompute
  17. 2026-07-04 09:22 UTCGHSA enrichment
  18. 2026-07-04 06:31 UTCEPSS rescore
  19. 2026-07-04 06:31 UTCEPSS rescore
  20. 2026-07-04 05:31 UTCEG score recompute
  21. 2026-07-04 05:31 UTCGHSA enrichment
  22. 2026-07-04 01:39 UTCEG score recompute
  23. 2026-07-04 01:39 UTCGHSA enrichment
  24. 2026-07-03 21:47 UTCEG score recompute
  25. 2026-07-03 21:47 UTCGHSA enrichment
  26. 2026-07-03 17:56 UTCEG score recompute
  27. 2026-07-03 17:56 UTCGHSA enrichment
  28. 2026-07-03 14:01 UTCEG score recompute
  29. 2026-07-03 14:01 UTCGHSA enrichment
  30. 2026-07-03 10:10 UTCEG score recompute
  31. 2026-07-03 10:10 UTCGHSA enrichment
  32. 2026-07-03 06:19 UTCEG score recompute
  33. 2026-07-03 06:18 UTCGHSA enrichment
  34. 2026-07-03 02:21 UTCEG score recompute
  35. 2026-07-03 02:21 UTCGHSA enrichment
  36. 2026-07-02 22:31 UTCEG score recompute
  37. 2026-07-02 22:31 UTCGHSA enrichment
  38. 2026-07-02 18:41 UTCEG score recompute
  39. 2026-07-02 18:41 UTCGHSA enrichment
  40. 2026-07-02 14:50 UTCEG score recompute
  41. 2026-07-02 14:50 UTCGHSA enrichment
  42. 2026-07-02 11:00 UTCEG score recompute
  43. 2026-07-02 11:00 UTCGHSA enrichment
  44. 2026-07-02 06:46 UTCEG score recompute
  45. 2026-07-02 06:46 UTCGHSA enrichment
  46. 2026-07-02 02:56 UTCEG score recompute
  47. 2026-07-02 02:55 UTCGHSA enrichment
  48. 2026-07-01 23:05 UTCEG score recompute
  49. 2026-07-01 23:05 UTCGHSA enrichment
  50. 2026-07-01 19:12 UTCEG score recompute
  51. 2026-07-01 19:12 UTCGHSA enrichment
  52. 2026-07-01 15:21 UTCEG score recompute
  53. 2026-07-01 15:21 UTCGHSA enrichment
  54. 2026-07-01 15:07 UTCEPSS rescore
  55. 2026-07-01 11:30 UTCEG score recompute
  56. 2026-07-01 11:30 UTCGHSA enrichment
  57. 2026-07-01 07:40 UTCEG score recompute
  58. 2026-07-01 07:40 UTCGHSA enrichment
  59. 2026-07-01 03:50 UTCEG score recompute 9.80
  60. 2026-07-01 03:50 UTCGHSA enrichment
  61. 2026-06-30 23:22 UTCEPSS rescore
  62. 2026-06-29 14:06 UTCEPSS rescore
  63. 2026-06-29 14:06 UTCEPSS rescore
  64. 2026-06-28 14:07 UTCEPSS rescore
  65. 2026-06-28 07:52 UTCMITRE cvelistV5CVSS v3 → 9.8 · severity → CRITICAL
  66. 2026-06-28 06:58 UTCEG score recompute
  67. 2026-06-28 06:58 UTCGHSA enrichment
  68. 2026-06-28 04:56 UTCEPSS rescore
  69. 2026-06-28 04:56 UTCEPSS rescore
  70. 2026-06-27 03:08 UTCEPSS rescore
  71. 2026-06-25 13:49 UTCEPSS rescore
  72. 2026-06-25 10:07 UTCEG score recompute
  73. 2026-06-25 10:06 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-53216?
CVE-2026-53216 is a critical vulnerability published on June 25, 2026. In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGE_SIZE as frame size. XDP helpers…
When was CVE-2026-53216 disclosed?
CVE-2026-53216 was first published in the National Vulnerability Database on June 25, 2026, with the most recent update on July 2, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-53216 actively exploited?
CVE-2026-53216 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 41.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-53216?
CVE-2026-53216 has a CVSS v3 base score of 9.8 (NVD).
How do I remediate CVE-2026-53216?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-53216, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-53216

Explore →

Is Your Infrastructure Affected by CVE-2026-53216?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.