CVE-2026-53221

CRITICALPre-NVD 9.89.8
EchelonGraph scoreHIGH confidence

Score 9.8 from GitHub Security Advisory (severity: CRITICAL) published 2026-06-25. a secondary CVSS source baseline 9.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, secondary
9.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 1%CVSS: 9.8Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()

In vti6_tnl_lookup(), when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels:

  • Tunnels matching the packet's local address, with any remote address
wildcard remote).
  • Tunnels matching the packet's remote address, with any local address
(wildcard local).

However, vti6 stores all these different types of tunnels in the same hash table (ip6n->tnls_r_l) prone to hash collisions.

The bug is that the fallback search loops in vti6_tnl_lookup() were missing checks to ensure that the candidate tunnel actually has a wildcard address.

CVSS v3
9.8
EG Score
9.8(high)
EPSS
42.5%
KEV
Not listed

Published

June 25, 2026

Last Modified

July 2, 2026

Advisory Details (8)

Auto-updated Jul 3, 2026
No patch confirmed yet.
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/fc657ac0767c49839b3ef0b08dc0953ca30883f8
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/f513f308cc4bdb4530d033431592ffbc29b7fca1
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c327fa4fca31415431202e063767a7ae342e19c6
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/a5c0359f5cbc51a2e2b114d6041e0f3c73f903e9
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/90fd4513315ca07da99cfd8549d3e553a7160f0d
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/47fb3c2b4203556308e64354b3e78f2ce221d646
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/2fc7bc087cc7085368263d9d37bfe9a0bddd6a2d
generic

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/2abfb19bbb81958714ad1d43ebeb65b30394184b

Vendor Advisories for CVE-2026-53221(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Frequently asked(5)

What is CVE-2026-53221?
CVE-2026-53221 is a critical vulnerability published on June 25, 2026. In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnl_lookup() In vti6tnllookup(), when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: Tunnels matching the packet's local address, with any…
When was CVE-2026-53221 disclosed?
CVE-2026-53221 was first published in the National Vulnerability Database on June 25, 2026, with the most recent update on July 2, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-53221 actively exploited?
CVE-2026-53221 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 42.5% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-53221?
CVE-2026-53221 has a CVSS v3 base score of 9.8 (NVD).
How do I remediate CVE-2026-53221?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-53221, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-53221

Explore →

Is Your Infrastructure Affected by CVE-2026-53221?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.