In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: add missing netlinknscapable() check for peer netns
rtnlnewlink() lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including initnet.
Add a netlinknscapable() check for CAPNETADMIN in the peer namespace before allowing device creation to proceed.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31692.json"
}