CVE-2026-25702
CriticalA Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
CVSS 3.1 score
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness type
CWE-284CVE-2026-25702 is a Improper Access Control vulnerability
What is Improper Access Control?
The product does not restrict or incorrectly restricts access to a resource from an unauthorised actor. Learn more on MITRE CWE
References
The following references provide additional information about CVE-2026-25702 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Broken Link
Frequently asked questions
-
What is CVE-2026-25702?
CVE-2026-25702 is a Critical severity Linux kernel vulnerability with a CVSS score of 9.8 out of 10 , classified as an Improper Access Control flaw (CWE-284) . CVE-2026-25702 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2026-25702?
CVE-2026-25702 has a CVSS score of 9.8 out of 10, rated Critical severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. -
Is there a patch available for CVE-2026-25702?
No patch is currently available for CVE-2026-25702. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2026-25702 actively exploited?
No — CVE-2026-25702 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
-
What is Improper Access Control (CWE-284)?
The product does not restrict or incorrectly restricts access to a resource from an unauthorised actor. View CWE-284 on MITRE CWE →