CVE-2026-46243
smb: client: reject userspace cifs.spnego descriptions
In the Linux kernel, the following vulnerability has been resolved:
smb: client: reject userspace cifs.spnego descriptions
cifs.spnego key descriptions contain authority-bearing fields such as
pid, uid, creduid, and upcall_target that cifs.upcall treats as
kernel-originating inputs. However, userspace can also create keys of
this type through request_key(2) or add_key(2), allowing those fields to
be supplied without CIFS origin.
Only accept cifs.spnego descriptions while CIFS is using its private
spnego_cred to request the key.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
Linux · Linuxpublic PoCs found — 4
githubgithub.com/Koshmare-Blossom/CIFSwitch-go★ 2githubgithub.com/MrForkBomb/CIFSwitch-Checker-CVE-2026-46243★ 2githubgithub.com/liamromanis101/cifswitch-check★ 0cve_referencegithub.com/manizada/CIFSwitchunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/manizada/CIFSwitchhttps://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013dhttps://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbchttp://www.openwall.com/lists/oss-security/2026/06/01/6