ID:12703 - Exploit for Improper access control in Linux kernel - CVE-2026-31717

 

Published: May 15, 2026


Vulnerability identifier: #VU128984
Vulnerability risk: Low
CVE-ID: CVE-2026-31717
CWE-ID: CWE-284
Exploitation vector: Remote access
Vulnerable software:
Linux kernel

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to hijack an orphaned durable handle.

The vulnerability exists due to improper access control in durable handle reconnect validation in ksmbd when processing SMB2 durable handle reconnect requests. A remote user can predict or brute-force the persistent ID, reconnect to an orphaned durable handle and hijack it.

The issue occurs because the reconnecting user's security context is not verified against the original opener's identity.


Remediation

Install the security update from the vendor's repository.