What is CVE-2026-46072?

CVE-2026-46072 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15 onward and patched in 5.15.209, 6.1.175, 6.6.140 and others. CVE-2026-46072 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46072?

CVE-2026-46072 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46072?

Yes, CVE-2026-46072 has been patched. Fixed versions include 5.15.209, 6.1.175, 6.6.140 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46072 actively exploited?

CVE-2026-46072 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46072

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to run_unpack() run_unpack() checks `run_buf < run_last` at the top of the while loop but then reads size_size and offset_size bytes via run_unpack_s64() without verifying they fit within the remaining buffer. A crafted NTFS image with truncated run data in an MFT attribute triggers an OOB heap read of up to 15 bytes when the filesystem is mounted. Add boundary checks before each run_unpack_s64() call to ensure the declared field size does not exceed the remaining buffer. Found by fuzzing with a source-patched harness (LibAFL + QEMU).

Package Linux Kernel

Published 2026-05-27

Last modified 2026-06-01

Patch available

Yes

Affected versions

Linux kernel versions 5.15 and later are affected. Fixed in 5.15.209, 6.1.175, 6.6.140, 6.12.86, 6.18.27, 7.0.4, 7.1-rc1 and their respective stable series.

Affected from

≥ 5.15

Fixed in

✓ 5.15.209 5.15.x ✓ 6.1.175 6.1.x ✓ 6.6.140 6.6.x ✓ 6.12.86 6.12.x ✓ 6.18.27 6.18.x ✓ 7.0.4 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46072 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/41aadf5cb482793a24e05aa136224e179a778586
Patch
Kernel patch commit
https://git.kernel.org/stable/c/425de2aba0d061b3e715d51a3b1992c112ed5b99
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b62567bca47408e6739dee75f02a2113548af875
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46072?

CVE-2026-46072 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 5.15.209, 6.1.175, 6.6.140 and others. CVE-2026-46072 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46072?

Yes — CVE-2026-46072 has been patched. Fixed versions include 5.15.209, 6.1.175, 6.6.140 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46072 actively exploited?

No — CVE-2026-46072 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.