CVE-2026-23111 — a one-character logic error in nf_tables — can turn an unprivileged local account into root and let a container escape, and public exploit code for it is now available.
The bug, the fix, and the timeline
The vulnerability sits in the Linux kernel's nf_tables packet-filtering code and was patched upstream on February 5, 2026. According to the published account, the upstream fix removed a single stray, inverted check, a change of one line of code. FuzzingLabs published an independent reproduction and exploit on April 16, and Exodus Intelligence followed with a full technical walkthrough on June 8.
Exodus researcher Oliver Sieber discovered the bug in early 2025 and chained the use-after-free into a working local-root exploit. FuzzingLabs reproduced the flaw on RHEL 10 and built its own route to root. The fixed code was therefore public for more than two months before the first public exploit, and for four months before the detailed analysis.
How the exploit works — the reachable setup
The vulnerability is a local use-after-free in nf_tables that an attacker can reach when two conditions hold together: the nf_tables subsystem is built in or loadable, and unprivileged users are allowed to create user namespaces. The second condition is what makes the first reachable: an ordinary user who creates a user namespace together with a network namespace holds CAP_NET_ADMIN inside that network namespace, and that is the capability the nf_tables netlink interface checks before it will accept rulesets. Both features ship enabled by default on most desktops and many server builds. There is no remote vector; the bug is a post-foothold escalation: an attacker with a low-privileged shell, a compromised container, or a service account can use the flaw to escalate to root on the host.
According to the published analyses, the exploit triggers the use-after-free, works around kernel memory protections, seizes control of execution, grants itself root, and breaks out of the container namespace. Exodus demonstrated the full chain on Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS; FuzzingLabs reproduced it on RHEL 10.
Who is patched, and where to look
Ubuntu rates the flaw CVSS 7.8 (high). Any distribution that shipped a kernel predating the February 5 fix with both nf_tables and unprivileged user namespaces enabled is exposed unless distribution-specific hardening or namespace restrictions block the path.
Ubuntu has fixes for 22.04, 24.04, and 25.10. Debian fixed Bookworm and Trixie and provided a 6.1 backport for Bullseye LTS. Red Hat, SUSE, and Amazon Linux are tracking the flaw as well; administrators should check their distribution advisories for the exact fixed kernel package that matches their kernel build, because the fixed package version varies by distribution and release.
Context: part of a larger local privilege-escalation wave
CVE-2026-23111 arrives amid a run of Linux local-root disclosures. Recent weeks included vulnerabilities and chains named Copy Fail, the Dirty Frag chain and its Fragnesia variant, DirtyDecrypt, and a nine-year-old ptrace flaw that reads /etc/shadow and runs commands as root. Synacktiv has linked the pace of disclosures to "AI-assisted research and patch-diffing" that yields working exploits before fixes have fully propagated, and also argued that ordinary hardening — removing or restricting optional features — can buy defenders time.
What this means for technologists, distribution maintainers, and administrators
- Technologists and security teams: Prioritize kernel package updates and reboots on systems that let untrusted users or workloads create unprivileged user namespaces. The advisory advice is blunt and consistent: update the kernel and reboot. Because the bug is local-only and needs that capability, hosts that permit user namespaces come first, and an installed package does nothing until the new kernel is actually booted.
- Distribution maintainers: Confirm that your advisories map to the exact kernel package versions in each release; the fix is upstream but the fixed package differs across distributions and backports. Note that upstream's change was a single-line removal, but the shipping kernel version is what matters to users.
- Administrators of desktop and server fleets: Treat systems with default desktops or server builds as potentially vulnerable, since nf_tables plus unprivileged user namespaces ship by default on many installs. Check vendor advisories for Ubuntu, Debian, Red Hat, SUSE, and Amazon Linux and apply the fixes and reboots promptly.
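The two preconditions named above (nf_tables reachable, unprivileged user namespaces allowed) and the "update and reboot" advice in this list can be checked from a shell. The script below is an added example written for this page; it is not code from the article, from Exodus, or from FuzzingLabs. It assumes a Linux host with the usual /proc, /sys and /lib/modules layout, and it reads three knobs: the mainline user.max_user_namespaces, the Debian/Ubuntu-specific kernel.unprivileged_userns_clone, and Ubuntu's kernel.apparmor_restrict_unprivileged_userns (absent on other distributions). Every function takes a ROOT prefix so the same logic can be pointed at a constructed directory tree as well as at a live host; the function names and the exposed/reduced/not-reachable verdict labels are this example's own.

```shell
#!/bin/sh
# Precondition audit for the nf_tables local-root bug discussed above.
# Added example for this page, not code from the article, Exodus or FuzzingLabs.
# Assumptions: Linux with /proc, /sys and /lib/modules in their usual places;
# knob names are user.max_user_namespaces (mainline),
# kernel.unprivileged_userns_clone (Debian/Ubuntu only) and
# kernel.apparmor_restrict_unprivileged_userns (Ubuntu only).
# Every function takes ROOT, the prefix of the /proc, /sys and /lib tree, so it
# can run against a constructed directory as well as a live host ("/").

# Print a sysctl file's value with whitespace stripped, or "absent".
read_knob() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else echo absent; fi
}

# userns_state ROOT -> allowed | restricted | disabled
# "restricted" means Ubuntu's AppArmor gate is on: unconfined programs cannot
# create user namespaces, so only suitably profiled binaries reach the bug.
userns_state() {
    root="${1%/}"
    max=$(read_knob "$root/proc/sys/user/max_user_namespaces")
    clone=$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")
    aa=$(read_knob "$root/proc/sys/kernel/apparmor_restrict_unprivileged_userns")
    if [ "$max" = "0" ] || [ "$clone" = "0" ]; then echo disabled
    elif [ "$aa" = "1" ]; then echo restricted
    else echo allowed
    fi
}

# nft_state ROOT KVER -> loaded | loadable | absent
# "loadable" matters: nfnetlink autoloads nf_tables on first use, so a module
# that is merely installed is as reachable as one already loaded.
nft_state() {
    root="${1%/}"; kver="$2"
    if [ -d "$root/sys/module/nf_tables" ]; then echo loaded
    elif grep -qs 'netfilter/nf_tables\.ko' "$root/lib/modules/$kver/modules.dep"; then echo loadable
    else echo absent
    fi
}

# reboot_pending ROOT RUNNING -> yes | no
# Heuristic: the newest kernel with modules installed is not the running one.
reboot_pending() {
    root="${1%/}"; running="$2"
    newest=$(ls "$root/lib/modules" 2>/dev/null | sort -V | tail -n 1)
    if [ -n "$newest" ] && [ "$newest" != "$running" ]; then echo yes; else echo no; fi
}

# verdict ROOT KVER -> exposed | reduced | not-reachable
# "reduced" means the path needs a profiled binary (AppArmor restriction);
# treat it as exposed until the fixed kernel is running.
verdict() {
    nft=$(nft_state "$1" "$2"); ns=$(userns_state "$1")
    if [ "$nft" = absent ] || [ "$ns" = disabled ]; then echo not-reachable
    elif [ "$ns" = restricted ]; then echo reduced
    else echo exposed
    fi
}

# Live-host usage: sh audit.sh --live  (works as any user; root not required)
if [ "${1:-}" = "--live" ]; then
    kver=$(uname -r)
    printf 'kernel=%s nf_tables=%s userns=%s reboot_pending=%s verdict=%s\n' \
        "$kver" "$(nft_state / "$kver")" "$(userns_state /)" \
        "$(reboot_pending / "$kver")" "$(verdict / "$kver")"
fi
```

The script reports reachability, not whether the running kernel contains the fix; for that, compare the running kernel package version against the one named in your distribution's advisory. An "exposed" host whose fixed kernel is not yet installed or not yet booted can be closed off temporarily by setting user.max_user_namespaces=0 (or kernel.unprivileged_userns_clone=0 on Debian and Ubuntu), with the caveat that this also breaks rootless containers and the user-namespace sandboxes of browsers and similar desktop software, which is why the article's "update and reboot" remains the actual fix.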
There are no public reports of exploitation in the wild and no known ties to any threat actor; exploit code has been public since April while the upstream patch has been available since February. That gap makes prompt patching the clearest and most immediate control: if your distribution's kernel package does not yet include the fix, update and reboot.