What is CVE-2026-46069?

CVE-2026-46069 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.0 onward and patched in 6.6.140, 6.12.86, 6.18.27 and others. CVE-2026-46069 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46069?

CVE-2026-46069 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46069?

Yes, CVE-2026-46069 has been patched. Fixed versions include 6.6.140, 6.12.86, 6.18.27 and others. If you are running Linux kernel 4.0 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46069 actively exploited?

CVE-2026-46069 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46069

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() The mwifiex_adapter_cleanup() function uses timer_delete() (non-synchronous) for the wakeup_timer before the adapter structure is freed. This is incorrect because timer_delete() does not wait for any running timer callback to complete. If the wakeup_timer callback (wakeup_timer_fn) is executing when mwifiex_adapter_cleanup() is called, the callback will continue to access adapter fields (adapter->hw_status, adapter->if_ops.card_reset, etc.) which may be freed by mwifiex_free_adapter() called later in the mwifiex_remove_card() path. Use timer_delete_sync() instead to ensure any running timer callback has completed before returning.

Package Linux Kernel

Published 2026-05-27

Last modified 2026-05-27

Patch available

Yes

Affected versions

Linux kernel versions 4.0 and later are affected. Fixed in 6.6.140, 6.12.86, 6.18.27, 7.0.4, 7.1-rc1 and their respective stable series.

Affected from

≥ 4.0

Fixed in

✓ 6.6.140 6.6.x ✓ 6.12.86 6.12.x ✓ 6.18.27 6.18.x ✓ 7.0.4 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46069 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/030abbae49cf9fd1fba7aa08e15ec81efbeb78cf
Patch
Kernel patch commit
https://git.kernel.org/stable/c/11869ce402d95519d49b25a2a97741f68d69d103
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4e179a60a60c0a5aea245e8e67768343c0f070b8
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46069?

CVE-2026-46069 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.0 onward and has been patched in 6.6.140, 6.12.86, 6.18.27 and others. CVE-2026-46069 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46069?

Yes — CVE-2026-46069 has been patched. Fixed versions include 6.6.140, 6.12.86, 6.18.27 and others. If you are running Linux kernel 4.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46069 actively exploited?

No — CVE-2026-46069 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.