CVE-2026-46026 | net: qrtr: ns: Limit the maximum number of lookups

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a malicious local client sending a flood of NEW_LOOKUP messages over the same socket. Fix this issue by limiting the maximum number of lookups to 64 globally. Since the nameserver allows only atmost one local observer, this global lookup count will ensure that the lookups stay within the limit. Note that, limit of 64 is chosen based on the current platform requirements. If requirement changes in the future, this limit can be increased.

Published: 2026-05-27 Last update: 2026-05-27 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-46026 is rated Low Risk (5.2/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-46026

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-28	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-46026

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-46026

GitHub Security Advisory for CVE-2026-46026

GHSA-5wpx-pvcm-rf34 · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the...

OS Trackers for CVE-2026-46026

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-46026 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.	https://security-tracker.debian.org/tracker/CVE-2026-46026
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2026-46026
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2026-46026/
`ubuntu`	medium	CVE-2026-46026 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 169, needed 94, released 84, not-affected 45, pending 6.	https://ubuntu.com/security/CVE-2026-46026

Affected software / configurations for CVE-2026-46026

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-46026

URL	Tags
https://git.kernel.org/stable/c/0dbec101a7076e9b1e4bd1876f7cf07c56ff4ce3
https://git.kernel.org/stable/c/20855cef7e659ef84ac73251256fa530819b2346
https://git.kernel.org/stable/c/2b930bc77e00cb27e1d6e1d497b3b596283465ef
https://git.kernel.org/stable/c/5640227d9a21c6a8be249a10677b832e7f40dc55
https://git.kernel.org/stable/c/76adf8f69b0bb3ab20be7c58f5d555027332d113

cvelogic Threat Intelligence