By vendor
Linux vulnerabilities
Known CVEs affecting Linux products, prioritized by severity, with SEC.co remediation and detection guidance.
497 published vulnerabilities · page 5 of 5
- CVE-2026-46182MEDIUM 5.5
A vulnerability in the Linux kernel's IBM POWER Systems (pseries) PAPR hypervisor pipe driver allows uninitialized kernel memory to be exposed to unprivileged users. When the driver copies a header structure to userspace, it fails to zero out reserved padding fields within that structure, inadvertently leaking sensitive kernel data. An attacker with local access could read this leaked memory to potentially gather information about the running kernel state.
- CVE-2026-46184MEDIUM 5.5
A USB audio device driver in the Linux kernel can crash if a malformed device provides zero audio channels. The driver fails to validate a critical USB descriptor field before using it in calculations, leading to a division-by-zero error when the device is connected. An attacker with physical access to plug in a crafted USB device could trigger a kernel panic on vulnerable systems.
- CVE-2026-46186MEDIUM 5.5
A flaw in the Linux kernel's Bluetooth virtio driver fails to validate that incoming packets contain enough data before processing them. When a malformed or truncated packet arrives, the driver can read beyond the packet's actual boundaries, potentially accessing uninitialized memory. This could cause the system to crash or misbehave, particularly on systems with active Bluetooth connections.
- CVE-2026-46188MEDIUM 5.5
A flaw exists in the Linux kernel's Cavium Octeon EP VF driver where a memory allocation function can fail but the code doesn't check for failure. When this happens, the driver tries to use the failed allocation as if it were valid, causing the system to crash. This is a local issue requiring user-level access to trigger.
- CVE-2026-46192MEDIUM 5.5
A flaw exists in the Linux kernel's Microchip QSPI (Quad SPI) driver that causes read operations to fail when using dual or quad-mode communication. The driver incorrectly attempts to transmit garbage data to generate clock cycles during read-only operations, but QSPI lacks a dedicated output line for this purpose in these modes. This causes the transfer to stall, effectively making data reads unreliable or impossible on affected systems using this driver.
- CVE-2026-46193MEDIUM 5.5
A flaw in the Linux kernel's AH (Authentication Header) implementation causes incorrect packet authentication when Extended Sequence Numbers (ESN) are enabled and async cryptographic operations are used. The kernel miscalculates where authentication data is stored during async callbacks, leading to the comparison of wrong bytes and packet validation failures. This breaks IPsec AH protection on affected systems.
- CVE-2026-46196MEDIUM 5.5
A flaw in the Linux kernel's tracepoint subsystem can leave internal state in an inconsistent condition when probe registration fails. Specifically, when the kernel tries to activate a tracepoint for the first time and the activation succeeds but the probe installation fails (e.g., due to out-of-memory conditions), the cleanup routine is never called. This leaves persistent overhead on every task in the system—most notably for syscall tracing—until the system is rebooted. The issue is a resource leak of kernel state rather than a direct security bypass, but it degrades performance and system stability under memory pressure or specific tracepoint registration sequences.
- CVE-2026-46200MEDIUM 5.5
A flaw in the Linux kernel's MPC52xx SPI controller driver can cause a system crash or denial of service when the driver is unloaded. The issue stems from improper resource cleanup during driver removal—specifically, the controller is disabled and its resources (interrupts, GPIOs) are released before the controller is properly deregistered from the kernel, leaving dangling references that can trigger a crash.
- CVE-2026-46202MEDIUM 5.5
A locking bug in the Linux kernel's Apple Touch Bar keyboard driver (hid-appletb-kbd) causes the system to attempt sleeping operations from atomic (interrupt) contexts where sleeping is forbidden. The bug occurs in two code paths that adjust keyboard backlight brightness: a periodic inactivity timer and a user-activity reset handler. Both trigger calls to the backlight subsystem's brightness function, which tries to acquire a mutex while running in softirq or IRQ context, causing kernel warnings and potential system instability. The fix moves these blocking operations to a workqueue, allowing them to run safely in process context.
- CVE-2026-46207MEDIUM 5.5
A flaw in the Linux kernel's vsock/virtio module causes monitoring tools to receive incomplete data when handling certain network packets. Specifically, when the kernel processes non-linear network buffers for the virtual socket monitoring interface (vsockmon), it fails to properly initialize a data structure that controls how much information gets copied. This leaves monitoring tools unable to see the full payload of these packets, potentially obscuring network activity. The issue affects local processes with standard privileges and could be exploited to hide data from network inspection.
- CVE-2026-46211MEDIUM 5.5
A flaw in the Linux kernel's graphics driver (msm/gem) causes an ioctl function to report success even when it fails. When userspace attempts to retrieve metadata about graphics objects, the function incorrectly returns 0 (success) even if the underlying operations—such as copying data to userspace or allocating memory—actually fail. Additionally, if memory allocation fails, the code does not check for a NULL pointer, leading to a crash. This allows applications to think they've successfully retrieved metadata when they haven't, or to trigger a denial of service.
- CVE-2026-46214MEDIUM 5.5
A flaw in the Linux kernel's virtual socket (vsock) implementation can cause connection listeners to stop accepting new connections after a small number of transport negotiation failures. The bug occurs in the virtio transport layer when the code increments an internal counter to track pending connections but fails to decrement it if the transport negotiation fails. After enough failed attempts, the listener incorrectly believes its connection queue is full and rejects all new incoming connections, effectively causing a denial of service for applications relying on vsock communication.
- CVE-2026-46216MEDIUM 5.5
A flaw in the Linux kernel's GPU driver for Intel Arc graphics allows a local attacker with basic user privileges to crash the system. The vulnerability occurs when certain GPU components (specifically the media GT) are disabled through system configuration. Under these conditions, the driver attempts to access memory that hasn't been allocated, causing a kernel panic. An attacker with local access can trigger this crash, resulting in a denial of service. This is a localized memory safety issue that requires local access to exploit.
- CVE-2026-46220MEDIUM 5.5
A vulnerability in the Linux kernel's AMD GPU driver allows an unprivileged user to crash the system by submitting specially crafted graphics commands. The driver was using an overly aggressive error check (BUG_ON) that would panic the entire kernel when it detected a misaligned memory address—even though the real fix should have happened earlier in the validation pipeline. By replacing these fatal assertions with warnings, the system can log the problem without crashing, while proper validation is moved to the correct layer of the code.
- CVE-2026-46221MEDIUM 5.5
A memory leak exists in the Linux kernel's EDAC (Error Detection and Correction) versalnet driver. When the driver initializes memory controller devices, it allocates memory for a device name string but fails to properly free it during normal driver removal. The kernel's device registration process copies the name internally and then loses track of the original allocation, leaving orphaned memory that cannot be reclaimed. This gradually consumes system memory over repeated device initialization and removal cycles.
- CVE-2026-46222MEDIUM 5.5
A flaw exists in the Linux kernel's Rockchip RKCam Interface (rkcif) media driver where certain data connection points (pads) lack proper validation checks. When a video stream is started on a device where these pads are not correctly connected, the kernel attempts to access memory that doesn't exist, causing the system to crash. This is a local issue—only users with login access to the affected system can trigger it, typically through video application commands.
- CVE-2026-46223MEDIUM 5.5
This Linux kernel vulnerability centers on a deadlock condition in cgroup resource management during container shutdown. When a system administrator removes a cgroup (via rmdir), the kernel's cleanup logic can become stuck waiting for tasks to exit under certain conditions—specifically when the process performing the removal is also responsible for reaping zombie processes. This creates a circular dependency where the cleanup cannot proceed because the reaper is blocked, and the zombies cannot be cleaned because the reaper is stuck. The fix defers the actual cleanup work to run asynchronously after tasks have already left the cgroup, allowing the rmdir operation to return promptly while kernel-side cleanup continues in the background.
- CVE-2026-46224MEDIUM 5.5
A memory leak vulnerability exists in the Linux kernel's DRM (Direct Rendering Manager) Xe driver. When the driver attempts to initialize a DMA buffer object and encounters an allocation failure, it fails to properly clean up a pre-allocated buffer object, causing it to leak into memory. The vulnerability requires local system access and affects the kernel's ability to manage GPU memory correctly. While this is not a critical security issue, it can lead to denial of service through memory exhaustion over time.
- CVE-2026-46225MEDIUM 5.5
A flaw has been found in how the Linux kernel's SPI (Serial Peripheral Interface) RSPI driver shuts down. When a system stops using the driver, it wasn't properly cleaning up in the right order—specifically, it was releasing DMA (direct memory access) resources before telling the SPI controller to stop. This ordering problem can cause the system to become unstable or crash.
- CVE-2026-46226MEDIUM 5.5
A flaw in the Linux kernel's Freescale SPI controller driver can cause a system crash when the driver is unloaded. The issue occurs because the driver releases hardware resources (like DMA) before properly shutting down the SPI controller, leaving it in an inconsistent state. An attacker with local system access could trigger this crash by unloading the driver, resulting in a denial of service.
- CVE-2026-46228MEDIUM 5.5
A memory management flaw in the Linux kernel's SPI CH341 USB driver can cause memory to persist after the driver is unloaded, potentially leading to denial of service. The issue arises because device resources tied to a USB driver are incorrectly managed at the parent device level rather than at the individual interface level, preventing proper cleanup when drivers unbind without physical device disconnection.
- CVE-2026-46229MEDIUM 5.5
A vulnerability in the Linux kernel's AMD KFD (Kernel Fusion Driver) GPU memory management allows stale data from previous GPU memory allocations to remain accessible to new compute tasks. When GPU VRAM is allocated for new workloads, the kernel does not properly clear it, leaving behind fragments of prior page tables and data. Compute kernels can observe this leftover information, which can corrupt GPU-to-GPU communication protocols and cause application crashes, particularly in high-performance computing scenarios involving NVIDIA RCCL P2P transport operations.
- CVE-2026-46231MEDIUM 5.5
A flaw in the Linux kernel's batman-adv (B.A.T.M.A.N. Advanced) networking module leaks memory when certain network claim operations fail. Specifically, when the system attempts to record a new claim in an internal hash table but the insertion fails, it forgets to release a reference to a network backbone object, causing that object to remain in memory indefinitely. This gradual accumulation of unreleased objects can eventually degrade system performance or trigger a denial of service.
- CVE-2026-46233MEDIUM 5.5
A flaw in the Linux kernel's Batman-adv bridge loop avoidance (BLA) subsystem can cause a crash when the system attempts to clean up stale network bridge claims. The issue occurs because the cleanup routine doesn't properly check whether a claim is still valid before trying to access it, potentially leading to a null pointer dereference. An attacker with local access could trigger this condition to cause a denial of service.
- CVE-2026-46235MEDIUM 5.5
The Linux kernel's saa7164 media driver failed to properly validate whether memory mapping operations succeeded before using the results. When the kernel tries to map I/O memory regions for certain hardware (specifically PCI base address registers 0 and 2), it could receive a null pointer if the operation failed. The driver would then attempt to use these null pointers, causing a system crash. This patch adds defensive checks: if memory mapping fails, the driver now properly cleans up any partially allocated resources and safely reports an error instead of proceeding with unusable pointers.
- CVE-2026-46236MEDIUM 5.5
A flaw has been identified in the Linux kernel's Xbox remote control driver that mishandles memory buffers used for direct hardware communication (DMA). The driver incorrectly stores DMA buffers as part of the device structure, violating fundamental DMA coherency rules. This misconfiguration can cause the system to become unstable or unresponsive, though it requires local access to trigger. The issue affects systems running vulnerable versions of the Linux kernel with the Xbox remote driver enabled.
- CVE-2026-46239MEDIUM 5.5
A memory management bug in the Linux kernel's OV5647 camera driver causes system resources to not be properly released when certain camera control operations are performed. Specifically, three control settings—autogain, automatic exposure, and analog gain—skip the cleanup step that tells the system a resource is no longer needed, leaving the system in a degraded state. Repeated use of these controls can exhaust system resources and cause the kernel to become unstable or unresponsive.
- CVE-2026-46245MEDIUM 5.5
A flaw in the Linux kernel's AMD display driver (amdgpu) can cause a system crash when the driver attempts to initialize Hot Plug Detect (HPD) interrupts for video connectors. The problem occurs because the code checks whether a connector's data structure (dc_link) is valid in one place, but then later uses it without checking again, leading to a null pointer dereference. This vulnerability affects systems with AMD GPUs running vulnerable kernel versions and can be triggered by a local user, resulting in a denial of service.
- CVE-2026-46247MEDIUM 5.5
This vulnerability affects the Linux kernel's clock management subsystem, specifically the graphics processor (GFX3D) clock driver. A bug in how parent clock information is passed during rate calculations causes the system to crash when the GPU attempts to change its operating frequency. The issue emerged after a code refactoring that changed how clock dividers calculate rates. When the GPU's power management system tries to adjust clock speed—a routine operation during dynamic frequency scaling—the missing parent clock information causes a kernel panic. The vulnerability requires local access and affects systems running vulnerable kernel versions on Qualcomm-based devices.
- CVE-2026-46248MEDIUM 5.5
This vulnerability affects the Linux kernel's WiFi driver for Qualcomm Atheros ath12k chipsets. When a WiFi interface fails during setup for multi-link operation (MLO), the driver can retain stale data about link mappings. If a new connection attempt reuses the same link ID, the driver triggers a warning and may experience instability. The issue stems from incomplete cleanup during failed initialization—specifically, link deletion code only runs if the interface was fully created, leaving orphaned references behind.
- CVE-2026-46249MEDIUM 5.5
This Linux kernel vulnerability affects the OcteonTX2 ARM-based System-on-Chip (SoC) driver stack, specifically the Application Firmware (AF) and Physical Function (PF) drivers used in Marvell networking hardware. During a kexec reboot—a fast reboot mechanism that skips the firmware/BIOS phase—hardware state from the previous kernel persists. The bug occurs when AF fails to properly clear its initialization marker before shutdown. When the PF driver loads in the new kernel, it checks this marker to determine if AF is ready. Finding a stale marker, the PF driver incorrectly assumes AF has already initialized and attempts to access hardware that was never properly reset, causing a kernel crash. This is primarily a denial-of-service condition affecting systems performing kexec reboots with modular driver configurations.
- CVE-2026-46252MEDIUM 5.5
A locking bug exists in the Linux kernel's regulator power management subsystem. When the system attempts to enable a power supply regulator and that operation fails, the error-handling code releases a reference to the regulator object without holding the required lock. This creates a race condition where another part of the system could be accessing the regulator data simultaneously, potentially causing a crash or memory corruption. The fix involves using the correct function call that ensures proper locking during cleanup, and adding additional safeguards to prevent concurrent access while clearing internal pointers.
- CVE-2026-46254MEDIUM 5.5
A vulnerability in the Linux kernel's AppArmor security module can cause system crashes or hangs when AppArmor processes policy rules containing improperly aligned data structures. The kernel's DFA (Deterministic Finite Automaton) tables used by AppArmor to enforce security policies may originate from either kernel memory or user-supplied configuration, and when these tables aren't properly aligned to 8-byte boundaries, certain CPU architectures trigger unaligned memory access errors. This is a denial-of-service issue—an unprivileged user with the ability to load or modify AppArmor policies could crash the kernel without data loss or privilege escalation.
- CVE-2026-46255MEDIUM 5.5
The Linux kernel's fsl-edma driver contains a resource management bug where clock handles are being manually disabled during driver removal, even though they were allocated using automatic cleanup functions. This causes the system to attempt disabling clocks that have already been cleaned up by the kernel, generating warnings and potentially destabilizing the driver removal process. The fix is straightforward: remove the redundant manual disable calls and let the automatic cleanup mechanism handle it.
- CVE-2026-46256MEDIUM 5.5
A recursion deadlock vulnerability exists in the Linux kernel's NFS LOCALIO feature, which optimizes loopback NFS mounts by bypassing the network when client and server run on the same system. Under memory pressure, the kernel's direct reclaim mechanism can trigger a circular chain: NFS writes → XFS filesystem → back into NFS page cache operations, causing the system to hang. The vulnerability requires local access and affects systems using LOCALIO-enabled NFS mounts. A fix ensures memory allocations in the LOCALIO code path use GFP_NOFS context to prevent this recursion.
- CVE-2026-46257MEDIUM 5.5
A flaw in the Linux kernel's SP804 timer driver can cause the system to crash when certain timing functions are called on ARM32 platforms. The issue arises when the SP804 timer is configured in a way that leaves a shared clock object uninitialized, but the kernel still tries to read from it. This vulnerability has been fixed by separating the delay timer functionality into its own dedicated clock instance, preventing the kernel from attempting to access uninitialized memory.
- CVE-2026-46258MEDIUM 5.5
A flaw in the Linux kernel's GPIO character device (cdev) interface causes the system to crash when creating a line handle. The issue occurs because code attempts to use a pointer after it has been intentionally cleared to NULL, leading to a crash when the kernel tries to access memory through that invalid pointer. This is a local issue—an authenticated user on the system would need to trigger it, typically through ioctl calls to the GPIO device.
- CVE-2026-46261MEDIUM 5.5
A vulnerability in the Linux kernel's SPI WPC flash interface unit driver can cause the system to crash due to a missing safety check. When the driver initializes, it attempts to access memory resources without first verifying they exist, potentially leading to a NULL pointer dereference that brings down the affected process or system. This is a localized denial-of-service issue requiring local system access to trigger.
- CVE-2026-46262MEDIUM 5.5
A deadlock vulnerability exists in the Linux kernel's audio subsystem (ASoC fsl_xcvr driver) where a recent locking fix introduced the opposite problem: the code attempts to re-acquire a lock that is already held by the calling function, causing the system to hang. When a user adjusts audio control settings through ALSA, the kernel deadlocks instead of safely updating the configuration.
- CVE-2026-46268MEDIUM 5.5
A logic error in the Linux kernel's PCI peer-to-peer DMA memory allocation code causes a spurious warning to be logged when kernel debug features are enabled. The vulnerability stems from a mismatch between a code assertion and a prior change to how memory pages are initialized—the assertion expects a non-zero reference count, but the pages are now created with a zero count by design. While the actual functionality remains intact, the warning floods kernel logs and can trigger monitoring alerts, degrading system observability and potentially masking other issues.
- CVE-2026-46269MEDIUM 5.5
A NULL pointer dereference vulnerability exists in the Linux kernel's Canaan K230 pinctrl driver. During device initialization, the driver attempts to access a device structure through an uninitialized pointer, causing the kernel to crash. The issue occurs because the code tries to retrieve the device reference via a control structure that hasn't been set up yet. An attacker with local access could trigger this crash by loading the affected driver or probing the device, leading to a denial of service.
- CVE-2026-11157MEDIUM 5.4
A script injection vulnerability in Google Chrome's accessibility features allows attackers to inject arbitrary scripts and HTML into web pages if a user installs a malicious extension. The vulnerability, tracked as CVE-2026-11157, requires user interaction (installing an extension) to exploit, making it a social engineering vector rather than a network-based attack. Chrome versions before 149.0.7827.53 are affected.
- CVE-2026-11232MEDIUM 5.4
Google Chrome versions before 149.0.7827.53 contain a flaw in how the TabGroups feature handles network input, allowing attackers to deceive users through fake or misleading visual elements in the browser interface. An attacker would need to trick a user into visiting a malicious website or intercepting network traffic, but the actual attack surface is relatively narrow—the vulnerability requires user interaction and does not enable data theft or system crashes on its own.
- CVE-2026-11243MEDIUM 5.4
Google Chrome versions before 149.0.7827.53 contain a flaw in how it handles downloads that allows an attacker to bypass navigation restrictions by serving a specially crafted web page. When a user visits the malicious page, the browser's normal safeguards that prevent unwanted navigation can be circumvented, potentially allowing redirection to unintended destinations or other restricted actions. The vulnerability requires user interaction (clicking or visiting a page) and affects Chrome on Windows, macOS, and Linux.
- CVE-2026-11004MEDIUM 5.3
CVE-2026-11004 is a memory disclosure vulnerability in Google Chrome's ANGLE graphics library. An attacker who has already compromised Chrome's renderer process can craft a malicious HTML page to read sensitive data from the browser's memory. While this requires prior compromise of the renderer, the ability to extract potentially sensitive information makes it a meaningful security concern for organizations running Chrome.
- CVE-2026-11098MEDIUM 5.3
Google Chrome versions prior to 149.0.7827.53 contain a flaw in GPU handling that allows an attacker with control of the renderer process to extract sensitive data from other websites. The vulnerability requires user interaction and a compromised renderer, making it a targeted risk rather than a mass-exploitation vector. The issue stems from insufficient validation when processing untrusted input, permitting cross-origin information disclosure.
- CVE-2026-11174MEDIUM 5.3
CVE-2026-11174 is a Site Isolation bypass vulnerability in Google Chrome that allows an attacker who has already compromised a browser's renderer process to read sensitive data from other websites. The flaw stems from improper implementation of Chrome's Site Isolation feature, a critical security boundary that normally prevents one website from accessing another's data. An attacker would need to first gain control of the renderer process—typically through a separate vulnerability—and then use a specially crafted HTML page to circumvent this protection. While the attack requires a prior compromise, the consequence of success is confidentiality loss across site boundaries.
- CVE-2026-11246MEDIUM 5.3
Google Chrome versions prior to 149.0.7827.53 contain a flaw in IndexedDB—a browser feature for storing data locally—that fails to properly validate user input. If an attacker compromises the renderer process (the part of Chrome that displays web pages), they can craft a malicious HTML page to bypass the same-origin policy, a critical security boundary that normally prevents one website from accessing another's data. This requires the attacker to already control the renderer process, which limits the immediate threat but remains a meaningful integrity risk.
- CVE-2026-11276MEDIUM 5.1
Google Chrome versions before 149.0.7827.53 contain a flaw in how the Cast feature (which enables screen mirroring and media streaming to nearby devices) processes network traffic. An attacker physically present on the same local network can send specially crafted traffic to bypass access controls that would normally prevent unauthorized casting operations. This is a local network attack that doesn't require user interaction but is limited in scope—it cannot crash systems or execute arbitrary code, only manipulate casting permissions.
- CVE-2026-9942MEDIUM 5.0
CVE-2026-9942 is a memory safety issue in ANGLE, the graphics abstraction layer used by Google Chrome. When a remote attacker has already compromised Chrome's renderer process, they can exploit this uninitialized memory condition to break out of Chrome's site isolation sandbox using a specially crafted HTML page. Site isolation is Chrome's primary defense against cross-site data theft; bypassing it allows an attacker to read data from other websites the user is visiting. This requires the renderer process to be already compromised, meaning it is a post-compromise escalation rather than an entry point.
- CVE-2026-9979MEDIUM 5.0
CVE-2026-9979 is a site isolation bypass vulnerability in Google Chrome that allows an attacker to escape the security boundary between different websites if they have already compromised Chrome's rendering engine. An attacker would need to trick a user into visiting a malicious HTML page while the renderer process is already under their control. Site isolation is Chrome's core defense mechanism that prevents one website's scripts from accessing another website's data; this vulnerability undermines that protection in a limited but serious scenario.
- CVE-2026-9980MEDIUM 5.0
Google Chrome versions before 148.0.7778.216 contain a flaw in how it validates input when printing documents. An attacker who has already compromised Chrome's rendering engine can exploit this to bypass Site Isolation, a security boundary that separates data between websites. This requires both a prior compromise of the renderer process and user interaction, making it a secondary attack in a chain rather than a standalone entry point.
- CVE-2026-11233MEDIUM 4.7
CVE-2026-11233 is a same-origin policy bypass vulnerability in Google Chrome's FoldableAPIs feature. An attacker who has already gained control of Chrome's renderer process—the component that executes web page code—can use a specially crafted HTML page to break through Chrome's security boundary and access data from websites the user visits. This requires the attacker to have already compromised the renderer, making it a secondary exploit rather than a direct entry point. The vulnerability affects Chrome versions prior to 149.0.7827.53.
- CVE-2026-11249MEDIUM 4.7
Google Chrome versions before 149.0.7827.53 contain a use-after-free vulnerability in the Network component. If an attacker compromises Chrome's renderer process—the sandboxed part that runs web content—they could read sensitive data from the browser's memory using a specially crafted HTML page. This is a memory safety issue: the code attempts to access data after it has already been freed, potentially exposing unencrypted information that was in use moments before.
- CVE-2026-46159MEDIUM 4.7
A race condition in the Linux kernel's btrfs filesystem driver can leak uninitialized kernel memory to unprivileged local users. The vulnerability exists in the ioctl handler that reports storage space information. When block groups are concurrently removed by the system during the space query operation, the kernel copies more data to userspace than it actually wrote, exposing sensitive kernel memory. An attacker with local access can exploit this timing window to read information that should not be accessible.
- CVE-2026-46187MEDIUM 4.7
The Linux kernel's RSI wireless driver has a race condition in how it shuts down worker threads. The driver uses two different methods to stop these threads: a self-terminating approach and an external stop command. When the self-terminating method completes first and then the external stop is called, the code tries to access a thread that has already been freed from memory—a use-after-free vulnerability. This affects local users with moderate privileges and can cause a system crash or unexpected behavior.
- CVE-2026-46194MEDIUM 4.7
A race condition exists in the Linux kernel's F2FS file system implementation that can cause a kernel crash. When an inode is being dropped from memory, the extent node destruction process does not properly signal that no new extent nodes should be added. Meanwhile, concurrent write-back operations may attempt to insert new extent nodes, creating a collision that triggers a kernel bug check. The vulnerability affects systems using F2FS, particularly in multi-threaded I/O scenarios where inode cleanup and write-back operations overlap.
- CVE-2026-46272MEDIUM 4.7
CVE-2026-46272 is a race condition in the Linux kernel's CoreSight Trace Memory Controller (TMC) Embedded Trace Receiver (ETR) driver. When a system attempts to run both performance tracing (perf) and sysfs-based hardware tracing simultaneously, a timing gap between buffer allocation and hardware enablement in sysfs mode allows the perf mode to initialize its own buffer state. This causes sysfs mode to later detect the unexpected state and trigger a kernel warning, resulting in denial of service through system instability. The vulnerability exists because the sysfs enablement process was split across two separate locking regions, creating a window where perf mode could intervene.
- CVE-2026-11031MEDIUM 4.3
Google Chrome's Password Manager fails to properly validate input from network traffic before displaying it to users. An attacker can craft malicious network data that tricks the Password Manager interface into showing fake or misleading information—for example, a phishing prompt that looks legitimate. This affects Chrome versions before 149.0.7827.53 on Windows, macOS, and Linux.
- CVE-2026-11062MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a vulnerability in how it enforces policies on browser extensions. An attacker could create a malicious extension that, if installed by a user, would be able to inject malicious scripts or HTML code into sensitive browser pages. While the technical barrier is relatively low (it requires social engineering to trick a user into installing the extension), the impact is limited to tampering with page content rather than stealing data or causing system crashes.
- CVE-2026-11107MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser handles the Downloads feature that allows an attacker to trick users with a deceptive webpage. Specifically, an attacker could craft a malicious HTML page that, when viewed in an affected Chrome browser, would display fake or misleading interface elements to deceive users—a technique called UI spoofing. The vulnerability requires user interaction (visiting the malicious page) but does not compromise confidentiality or system availability; the primary risk is deception around the integrity of what the user sees on their screen.
- CVE-2026-11126MEDIUM 4.3
A flaw in Google Chrome's Developer Tools (DevTools) allows an attacker to access data from different websites if they can trick a user into installing a malicious browser extension. The vulnerability has a CVSS score of 4.3 (Medium severity) and requires user interaction—specifically, the user must be convinced to install the malicious extension. Once installed, the crafted extension can exploit improper input validation in DevTools to leak cross-origin data that should normally be protected by browser security policies.
- CVE-2026-11155MEDIUM 4.3
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how CSS is processed that could allow an attacker to trick a user into visiting a malicious website where sensitive data from other sites (cross-origin data) could be leaked. The attack requires user interaction—specifically clicking a link or visiting a crafted page—but does not require the attacker to have special permissions or bypass other security controls. The leaked information would be visible only to the attacker, not modified or destroyed.
- CVE-2026-11156MEDIUM 4.3
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how it handles CSS styling rules that can allow an attacker to extract data from other websites you have open in your browser. An attacker would need to trick you into visiting a malicious webpage, and if successful could read sensitive information from other tabs or windows—such as content from your email, banking site, or other services—that you're simultaneously visiting. This is a cross-origin data leak vulnerability affecting the browser's CSS implementation.
- CVE-2026-11159MEDIUM 4.3
A memory safety issue in Google Chrome's Skia graphics library allows attackers to steal data from websites you visit. By crafting a malicious HTML page, an attacker could trick your browser into exposing information that should remain private to other websites—a cross-origin data leak. The vulnerability requires user interaction (clicking or viewing the page) but doesn't require special browser settings or authentication. Google patched this in Chrome 149.0.7827.53 and later versions.
- CVE-2026-11161MEDIUM 4.3
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how it handles cross-origin data transfers. An attacker can craft a malicious HTML page that, when visited by a user, leaks sensitive information from websites the user is logged into or has visited. The vulnerability requires user interaction (clicking or visiting the page) but does not require special browser permissions or user sophistication to exploit.
- CVE-2026-11162MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a vulnerability in how the browser handles CSS that can allow attackers to steal data from other websites. An attacker would need to trick a user into visiting a malicious webpage, but once there, the flawed CSS implementation could expose sensitive information from pages the user has open in other tabs or windows. The risk is limited to information disclosure—the vulnerability does not allow attackers to modify data or crash the browser.
- CVE-2026-11192MEDIUM 4.3
Google Chrome's password manager has a flaw that fails to properly check information coming from the network. An attacker can exploit this by sending crafted network traffic to trick the browser's UI into displaying fake or misleading content—for example, mimicking legitimate login prompts or security warnings. The attacker cannot steal data or crash the browser, but they can manipulate what users see, potentially leading to credential theft or social engineering attacks if the spoofed interface convinces users to enter sensitive information.
- CVE-2026-11212MEDIUM 4.3
A vulnerability in Google Chrome's developer tools (DevTools) fails to properly enforce security policies that should prevent extensions from accessing data across different websites. An attacker could trick a user into installing a malicious Chrome extension, which could then exploit this flaw to steal sensitive information from websites the user visits. The issue affects Chrome versions before 149.0.7827.53.
- CVE-2026-11216MEDIUM 4.3
Google Chrome contains a flaw in how it displays security warnings for file input operations. An attacker can craft a malicious webpage that tricks users into performing specific mouse or keyboard actions—such as clicking or dragging—that trigger the file picker dialog. By manipulating the visual presentation of this dialog, the attacker can deceive the user about what action they're performing, potentially leading them to upload sensitive files or authorize unintended operations. This is a user-interaction vulnerability: it requires the attacker to convince the user to engage in the specific gestures, but once they do, the spoofed UI can create false impression of legitimacy.
- CVE-2026-11219MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser implements navigation controls. An attacker can craft a malicious HTML page that, when visited, bypasses intended navigation restrictions—essentially allowing the page to navigate the browser or access certain destinations in ways it shouldn't be able to. The attack requires user interaction (clicking or visiting the page), but no special browser privileges. While Chromium rates this as Low severity internally, the CVSS scoring reflects Medium severity due to the potential for integrity compromise through navigation spoofing.
- CVE-2026-11221MEDIUM 4.3
A weakness in Google Chrome's PointerLock feature allows a threat actor who has already gained control of the browser's renderer process to deceive users through fake on-screen elements. The attacker would craft a malicious HTML page that tricks the browser into displaying misleading UI, potentially impersonating legitimate interface elements. This requires the renderer process to be compromised first, making it a secondary attack that typically follows another successful exploit.
- CVE-2026-11228MEDIUM 4.3
Google Chrome before version 149.0.7827.53 contains a flaw in how it handles file input operations that allows attackers to deceive users through visual manipulation. If an attacker can trick a user into performing specific clicks or interactions on a malicious webpage, they can spoof the browser interface—making fake buttons, dialogs, or other UI elements appear legitimate. This is a social engineering attack that relies on user interaction; the vulnerability itself is in Chrome's file input implementation.
- CVE-2026-11234MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a vulnerability in the FoldableAPIs feature that allows a remote attacker to bypass site isolation—Chrome's core security boundary that separates web pages from each other—if the attacker has already compromised the renderer process. Site isolation is one of Chrome's strongest defenses against malicious websites stealing data from other tabs or extensions. This vulnerability requires both a compromised renderer and user interaction, limiting the immediate threat but warranting timely patching.
- CVE-2026-11245MEDIUM 4.3
CVE-2026-11245 is a user interface spoofing vulnerability in Google Chrome's payment handling system. An attacker can craft a deceptive HTML page that tricks users into believing they are interacting with legitimate payment dialogs or security prompts, potentially leading to credential theft, social engineering, or other forms of user deception. The vulnerability requires user interaction (clicking or engaging with the malicious page) to be exploited, limiting its scope but not eliminating risk in realistic phishing or drive-by attack scenarios.
- CVE-2026-11252MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how it enforces content policies that could allow an attacker to bypass certain access controls through a specially crafted web page. The vulnerability requires user interaction—an attacker would need to trick someone into visiting a malicious page—but does not leak sensitive data or crash the browser. Instead, it could allow unauthorized modification of content or settings the user intended to protect.
- CVE-2026-11253MEDIUM 4.3
Google Chrome contained a flaw in how it handled permissions that could allow an attacker to trick users into visiting a specially crafted web page and leak data from other websites the user was visiting. The vulnerability requires user interaction (clicking or viewing a malicious page) and only affects data confidentiality, not system availability or integrity. Google has patched this in Chrome 149.0.7827.53 and later.
- CVE-2026-11254MEDIUM 4.3
Google Chrome versions prior to 149.0.7827.53 contain a UI spoofing vulnerability in its permissions implementation. An attacker can craft a malicious HTML page that, when visited by a user, displays fake permission prompts or other interface elements to deceive users into granting access or performing unintended actions. The attack requires user interaction—specifically, the victim must visit the attacker's page—but does not require any special browser configuration or privilege level.
- CVE-2026-11257MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser implements navigation controls. An attacker can craft a malicious HTML page that, when visited by a user, bypasses the browser's built-in restrictions on where a page can navigate. This allows the attacker to redirect the user to unintended destinations or perform unwanted navigation actions, potentially leading to phishing, credential harvesting, or distribution of malware. The vulnerability requires user interaction (clicking or visiting the page) and affects Chrome on Windows, macOS, and Linux.
- CVE-2026-11259MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how the Cast feature validates user-supplied input. This allows an attacker to craft a malicious webpage that, when visited, can bypass Chrome's same-origin policy—a critical security boundary that prevents websites from accessing data belonging to other sites. The attack requires user interaction (visiting the page) but requires no special privileges. While Chromium rates the underlying severity as Low, the ability to circumvent same-origin policy elevates practical risk.
- CVE-2026-11260MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how it handles permissions that allows attackers to bypass the browser's Content Security Policy (CSP) protections via a specially crafted webpage. While the underlying browser vulnerability severity is rated as low, the CVSS assessment elevates this to medium risk because it requires user interaction but could enable an attacker to execute unintended behavior or inject content that CSP should block. The issue affects Chrome on Windows, macOS, and Linux.
- CVE-2026-11261MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how it handles PDF rendering that could allow an attacker to trick users into believing they're viewing legitimate content when they're not. If an attacker has already compromised Chrome's rendering engine (the component that displays web pages), they can craft a specially designed HTML page to perform UI spoofing—making fake buttons, warnings, or other interface elements appear authentic. This is a medium-severity issue because it requires both a prior compromise of the renderer process and user interaction to be exploited.
- CVE-2026-11264MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how Content Security Policy (CSP) is enforced. An attacker can craft a malicious HTML page that, when visited by a user, bypasses the browser's CSP protections. This allows the attacker to inject or execute content that the website owner intended to block, potentially leading to credential theft, session hijacking, or other attacks that degrade site security. The vulnerability requires user interaction—the victim must visit the malicious page—and does not directly compromise the browser itself or enable data exfiltration.
- CVE-2026-11266MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in the Safe Browsing feature that allows a remote attacker to bypass its protections by delivering a specially crafted file. An attacker would need to trick a user into opening or interacting with the malicious file, but if successful, the user's safety checks could be circumvented, potentially allowing access to sites or content that Safe Browsing would normally block.
- CVE-2026-11267MEDIUM 4.3
A vulnerability in Google Chrome's extension framework allows a malicious extension to bypass content security policy (CSP) protections if a user installs it. The issue stems from insufficient policy enforcement mechanisms that fail to properly validate extension behavior. While the underlying Chromium severity is rated as Low, the CVSS assessment elevates it to Medium due to the user interaction requirement combined with potential integrity impact. An attacker would need to socially engineer a user into installing a compromised extension—a realistic but not trivial attack vector.
- CVE-2026-11286MEDIUM 4.3
A flaw in Google Chrome's Wallet component allows attackers who have already compromised a browser's renderer process to trick users with fake UI elements displayed on a web page. This requires the attacker to first gain control of the renderer—the part of the browser that displays web content—which is a significant prerequisite but not impossible in real-world scenarios where other vulnerabilities or social engineering may be chained together.
- CVE-2026-11292MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in the Blink rendering engine that allows attackers to bypass Content Security Policy (CSP) protections through a specially crafted webpage. An attacker would need to trick a user into visiting a malicious site, where the weakness could enable injection of unintended content or scripts that CSP was supposed to prevent. While Chromium rates this as low severity, the CVSS score reflects moderate impact potential because CSP bypass can lead to unauthorized modifications of page behavior.
- CVE-2026-11294MEDIUM 4.3
Google Chrome versions prior to 149.0.7827.53 contain a flaw in password handling that allows attackers to create fake or misleading login screens through specially crafted web pages. An attacker would need to trick a user into visiting a malicious website, but once there, the browser's UI protections don't adequately prevent visual deception. This is not an authentication bypass—it's a user interface trick that could mislead people about whether they're interacting with legitimate Chrome UI or attacker-controlled content.
- CVE-2026-11300MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how it handles permissions that allows an attacker to trick users with a specially crafted web page. The attack doesn't steal data or crash the browser—instead, it displays fake permission dialogs or UI elements that might convince a user to grant access they shouldn't. The attacker needs the victim to visit the malicious page, but no special user configuration is required beforehand.
- CVE-2026-11309MEDIUM 4.3
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser enforces policies for the History feature. An attacker can craft a deceptive webpage that tricks users into believing they're interacting with legitimate browser UI elements or content. While the vulnerability requires user interaction and doesn't directly expose sensitive data or crash the browser, the spoofing capability could be weaponized in social engineering campaigns to steal credentials or manipulate user behavior.
- CVE-2026-9935MEDIUM 4.3
CVE-2026-9935 is a memory safety issue in Google Chrome's ANGLE graphics library that allows attackers to steal sensitive data from other websites. When you visit a malicious webpage, an attacker can craft it to leak information that should be isolated to other sites you have open. The vulnerability requires user interaction—you must visit the attack page—but the bar for exploitation is otherwise low. Google has classified this as High severity internally, though the CVSS score reflects a more limited scope.
- CVE-2026-9986MEDIUM 4.2
CVE-2026-9986 is a UI spoofing vulnerability in Google Chrome's OptimizationGuide component that could let an attacker deceive users about what they're seeing on a webpage. The vulnerability requires the attacker to have already compromised Chrome's rendering process—the engine that draws web content. While this limits the immediate attack scope, it represents a meaningful escalation risk for adversaries who have achieved code execution in that sandboxed component. The flaw stems from inadequate validation of user-supplied input before it's used to generate on-screen elements.
- CVE-2026-10998MEDIUM 4.0
CVE-2026-10998 is a memory safety issue in Google Chrome's media handling code that allows an attacker positioned on the same local network to read data from memory locations they shouldn't have access to. The vulnerability exists in Chrome versions before 149.0.7827.53. An attacker would need to send specially crafted network traffic to trigger an out-of-bounds read, which could potentially expose sensitive information resident in the browser's memory. This is a local-network-only threat, meaning the attacker must be on your network segment to exploit it.
- CVE-2026-11240LOW 3.1
CVE-2026-11240 is a low-severity input validation flaw in Google Chrome's Loader component that allows a remote attacker to bypass the browser's site isolation security feature, but only if they have already compromised the renderer process. Site isolation is Chrome's defense mechanism that runs each website in a separate process to prevent one compromised site from accessing data from another. An attacker would need to deliver a specially crafted HTML page to exploit this, making it a post-compromise risk rather than a direct remote code execution vector. The vulnerability affects Chrome versions prior to 149.0.7827.53.
- CVE-2026-11244LOW 3.1
CVE-2026-11244 is a low-severity flaw in Google Chrome's WebAuthentication feature that allows inadequate validation of user-supplied input. An attacker with prior access to Chrome's renderer process—the component responsible for displaying web pages—could craft a malicious HTML page to circumvent the browser's same-origin policy, a fundamental security boundary that prevents scripts from one website accessing data from another. This is not a direct remote code execution and requires both renderer process compromise and user interaction to succeed.
- CVE-2026-11251LOW 3.1
A flaw in Chrome's password manager allows a sophisticated attacker to read stored password information if they can first compromise Chrome's renderer process through a malicious web page. The vulnerability requires multiple conditions to exploit: the attacker must already control the rendering engine, the user must interact with the page, and the attack surface is limited to sensitive credential disclosure. Chrome versions before 149.0.7827.53 are affected. This is not a zero-click issue and does not allow code execution or system-level access.
- CVE-2026-9944LOW 3.1
CVE-2026-9944 is a memory safety issue in the ANGLE graphics library used by Google Chrome. An attacker who has already compromised Chrome's renderer process can craft a malicious webpage to leak sensitive data from other websites or origins. The vulnerability requires the renderer to be compromised first, limiting the attack surface, but the data leakage potential is real once that initial foothold exists. Chrome versions before 148.0.7778.216 are vulnerable on Windows, macOS, and Linux.