In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_policy: fix strict mode inbound policy matching
matchpolicyin() walks sec_path entries from the last transform to the first one, but strict policy matching needs to consume info->pol[] in the same forward order as the rule layout.
Derive the strict-match policy position from the number of transforms already consumed so that multi-element inbound rules are matched consistently.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52920.json",
"cna_assigner": "Linux"
}