pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp (src/peerlookup.c:134, prior to the fix) allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then dereference past the end of the allocation. This vulnerability is fixed in 0.2.0-alpha.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43916.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-125",
"CWE-191"
]
}