CVE-2026-45873 | netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic skips anonymous set checks on start elements for this reason. However, it is possible to add intervals that overlap to this anonymous where two start elements with the same, eg. A-B, A-C where C < B. start end A B start end A C Restore the check on overlapping start elements to report an overlap.

Published: 2026-05-27 Last update: 2026-05-27 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-45873 is rated Low Risk (7.4/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-45873

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-28	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-45873

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-45873

GitHub Security Advisory for CVE-2026-45873

GHSA-9868-rgmf-pm96 · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree:...

OS Trackers for CVE-2026-45873

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-45873 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2026-45873
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2026-45873
`suse`	—	—	https://www.suse.com/security/cve/CVE-2026-45873/
`ubuntu`	medium	CVE-2026-45873 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 169, needed 93, released 84, not-affected 33, pending 18, needs-triage 1.	https://ubuntu.com/security/CVE-2026-45873

Affected software / configurations for CVE-2026-45873

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-45873

URL	Tags
https://git.kernel.org/stable/c/029e5f6a95e905b12d6bc20421be32a01e0eb311
https://git.kernel.org/stable/c/05feaf826390fd16f1deb89dd9412def3b2a280f
https://git.kernel.org/stable/c/4780ec142cbb24b794129d3080eee5cac2943ffc
https://git.kernel.org/stable/c/7ca5813e1b21ef300e04593f47b073ef3217aac6
https://git.kernel.org/stable/c/dad14d22dff1a191612acb98facceb303d0524a2
https://git.kernel.org/stable/c/e6497e06a102870803a59570d75ed2c36d7e11b3
https://git.kernel.org/stable/c/f1381ce0a1dd013610985e1c4260908163a427df
https://git.kernel.org/stable/c/f1535d56fc3f6c625b7e0559c006bd0318791bb1

cvelogic Threat Intelligence