CVE-2026-31637 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 27, 2026
Linux Kernel - Authentication Bypass
Overview
The Linux kernel contains a broken-authentication flaw caused by improper handling of RXKAD response ticket decryption in rxkad_decrypt_ticket(). Attackers can send malformed responses to bypass decryption checks. Exploitation requires network access to send crafted RXKAD responses.
Impact
Attackers can bypass decryption checks, potentially leading to unauthorized access or denial of service by aborting connections.
Mitigation
Update to the latest Linux kernel version with the fix for RXKAD ticket decryption.
References
- https://git.kernel.org/stable/c/47073aab8a3a5a7b41c9bd37d2a3dcbeeccd6c8a
- https://git.kernel.org/stable/c/58fcd1b156152613ba00a064a129fb69507ddd7d
- https://git.kernel.org/stable/c/a149dcae23309df9de1c3b6b5d468610ef5ab7de
- https://git.kernel.org/stable/c/fe4447cd95623b1cfacc15f280aab73a6d7340b2
- https://git.kernel.org/stable/c/22f6258e7b31dba9bf88dce4e3ee7f0f20072e60
Social Media Activity (1 post)
CVE-2026-31637 - Critical (9.8) In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether cry... https://www.thehackerwire.com/vulnerability/CVE-2026-31637/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-31637
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_authentication
- Status: unconfirmed
- EPSS: 4.6%
- Social Posts: 1
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H