2,117 Linux Kernel CVEs in 2026 (Year to Date)
Year to date · Updated daily from NIST NVD
In 2026, 2,117 Linux kernel CVEs have been published so far, sourced daily from the NIST National Vulnerability Database. Of these, 74 are rated Critical and 665 High severity , with 1 confirmed as actively exploited via the CISA KEV catalog . At the current pace, 2026 is on track to fall below 2025's 5,708 CVEs — with an estimated 4,829 CVEs projected for the full year. A further 461 CVEs are still awaiting NVD severity scoring. This page updates daily as new CVEs are published.
Monthly CVE Breakdown — 2026
CVEs published per month with severity breakdown
May (1,043) was the most active month in 2026. Together the top months account for a significant share of 2026's 2,117 total CVEs. June (40) had the lowest volume.
Severity Distribution — 2026
Breakdown across 2,117 CVEs
43% Medium · 31% High · 3% Critical. 461 CVEs (22%) still awaiting NVD scoring.
Monthly Counts — 2026
CVE counts by month and severity
May was the most active month with 1,043 CVEs — 49% of 2026's total. June (40) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 247 | 0 | 42 | 115 | 2 |
12%
|
| February | 223 | 1 | 46 | 140 | 0 |
11%
|
| March | 182 | 2 | 62 | 116 | 0 |
9%
|
| April | 382 | 27 | 162 | 193 | 0 |
18%
|
| May | 1,043 | 42 | 340 | 346 | 2 |
49%
|
| June | 40 | 2 | 13 | 3 | 0 |
2%
|
| Total | 2,117 | 74 | 665 | 913 | 4 |
Actively exploited CVEs — 2026
1 CVE confirmed in CISA KEV catalog
All CVEs — 2026
2117 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2026-46275 | linux | Awaiting NVD | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions i… | |
| CVE-2025-71315 | linux | Awaiting NVD | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkm… | |
| CVE-2026-46274 | linux | Awaiting NVD | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_w… | |
| CVE-2025-71314 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches(… | |
| CVE-2026-46246 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for e… | |
| CVE-2026-46252 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_s… | |
| CVE-2026-46262 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr… | |
| CVE-2026-46245 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD i… | |
| CVE-2026-46255 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clock… | |
| CVE-2025-71313 | linux | Awaiting NVD | — | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_wor… |
2026 Linux Kernel CVE Highlights
-
Large backlog awaiting NVD scoring
461 of 2026's CVEs (22%) are still listed as "Awaiting NVD" — meaning no CVSS score has been assigned yet. This is typical for bulk-published CVEs from the Linux kernel CNA: the kernel team publishes CVEs rapidly, and NVD scoring lags by weeks or months.
-
Monthly variation
CVE publication in 2026 was uneven across months. May was the most active with 1,043 CVEs. June (40) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.