news
CVE-2026-23111 Impacting nf_tables
-
Hacker News ☛ One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even the first public exploit: FuzzingLabs published an independent reproduction back in April.
-
Ars Technica ☛ High-severity vulnerability in Linux caused by a single faulty character
The vulnerability, tracked as CVE-2026-23111, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It’s used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables.
-
Security Affairs ☛ CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”.
Two more links:
-
A single character could be enough to let hackers crack your Linux kernel
A single stray character sitting in the Linux kernel created a logic inversion bug that enabled privilege escalation, leading to a (theoretical) full device takeover.
The bug was discovered in early 2025 by security researcher Oliver Sieber from Exodus Intelligence, who later demonstrated a full working local root exploit, and is now tracked as CVE-2026-23111 and given a severity score of 7.8/10 (high).
-
Linux Kernel Bug Caused by Single Character Opens Path to Root Access
A high-severity Linux kernel vulnerability that allows local users to obtain root privileges has attracted attention because the bug originated from a single misplaced character in the operating system’s code.
The flaw, tracked as CVE-2026-23111, affects the nf_tables packet-filtering framework used by Linux firewall deployments.