In the Linux kernel, the following vulnerability has been resolved:
fuse: reject fuse_notify() pagecache ops on directories
The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents.
For directories with FOPENCACHEDIR, the pagecache is used as kernel-internal cache storage, and userspace is not supposed to have direct access to this cache - in particular, fuseparsecache() will hit WARN_ON() if the cache contains bogus data.
Reject FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE on anything other than regular files with -EINVAL.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53168.json",
"cna_assigner": "Linux"
}