CVE-2026-31431

high Fortinet ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
96.8%
Exploitation probability in 30 days
Top 0% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: April 22, 2026 (78 days ago)
Last Modified: July 1, 2026
Vendor: Fortinet
Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-05-01
Remediation Due: 2026-05-15 (⚠ 55d overdue)

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CWE

CWE-669

Affected Products

linux linux kernelredhat openshift container platformredhat enterprise linuxredhat enterprise linux ausredhat enterprise linux eusredhat enterprise linux tusredhat enterprise linux update services for sap solutionsamazon amazon linuxcanonical ubuntu linuxdebian debian linux

References