What is CVE-2026-23060?

A medium-severity vulnerability in the Linux kernel could lead to a denial of service due to a NULL pointer dereference. Immediate action is required to mitigate risks associated with this flaw.

What is the severity of CVE-2026-23060?

CVE-2026-23060 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2026-23060 | Medium Vulnerability in Linux Kernel

In the Linux kernel, a vulnerability has been identified related to the crypto subsystem, specifically with the authentication encryption function. This vulnerability allows a potential denial of service (DoS) due to a NULL pointer dereference.

The vulnerability arises when the associated length (assoclen) of the additional authenticated data (AAD) is less than the minimum expected length of 8 bytes. When this occurs, the function crypto_authenc_esn_decrypt() may advance past the end of the destination scatterlist, triggering the NULL pointer dereference in scatterwalk_map_and_copy(), which leads to a kernel panic.

This vulnerability has been assigned a CVSS score of 5.5, classifying it as medium severity. The attack vector is local, and while the complexity is low, the impact on availability is high, meaning that successful exploitation can cause significant disruptions.

Organizations should prioritize addressing this vulnerability in their patch management cycles, especially since the risk includes potential service outages.

Vulnerability Details

The official CVE description states: In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec. This vulnerability affects various versions of the Linux kernel, specifically those prior to 5.10.249, between 5.11 and 5.15.199, 5.16 and 6.1.162, 6.2 and 6.6.122, and others. The associated CWE is CWE-476.

The vulnerability was published on February 4, 2026, and has been analyzed for its impact and mitigation strategies.

Technical Analysis

The root cause of this vulnerability relates to insufficient validation of the associated length of the AAD in the crypto_authenc_esn_decrypt() function. When the AAD is shorter than expected, it can cause the function to proceed with invalid memory access.

The attack vector for this vulnerability is local, requiring an attacker to have access to the local system. The attack complexity is low, as it does not require any specialized knowledge or high-level privileges. The attacker needs low privileges to exploit this vulnerability, and user interaction is not required.

In terms of impacts, the vulnerability has no confidentiality or integrity impact, but it poses a high availability impact, as it can lead to a system crash or DoS.

Risk & Impact Analysis

Risk to organizations includes potential denial of service due to kernel panic, which can disrupt critical services. The availability impact is rated high, indicating that successful exploitation could lead to service outages, affecting business continuity.

Given the CVSS score of 5.5, organizations should assess their infrastructure and prioritize remediation efforts accordingly. This vulnerability should be addressed in the priority patch cycle to mitigate risks associated with potential exploitation.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of the Linux kernel are affected by this vulnerability: versions prior to 5.10.249, versions between 5.11 and 5.15.199, versions between 5.16 and 6.1.162, and versions between 6.2 and 6.6.122. Additionally, specific release candidates of version 6.19 are also vulnerable.

Mitigation & Remediation

Organizations should prioritize patching the Linux kernel to the latest version or applying the relevant security updates. For those unable to update immediately, implementing network controls and monitoring for unusual behavior can help mitigate risks while a patch is applied.

Security testing can also validate the effectiveness of applied patches.

Detection Guidance

Monitoring system logs for signs of kernel panic events can be a key indicator of exploitation attempts. Additionally, keeping an eye on abnormal network traffic patterns can help detect potential exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the importance of thorough validation checks in cryptographic functions within the kernel. It serves as a reminder for security teams to conduct regular audits and implement rigorous testing practices.

Organizations should also consider implementing a penetration testing methodology to uncover similar vulnerabilities in the future.

The trends represented by this vulnerability emphasize the need for continuous improvement in security practices and awareness across all levels of the organization.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-23060: Medium Vulnerability in Linux Kernel