CVE-2026-52911

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description In the ksmbd module, a flaw exists where the conn->binding flag remains set after a SESSION SETUP call. Because this flag is connection-wide, the global session lookup function ksmbd session lookup all() can resolve any session by ID, even if the session was not added to conn->sessions. This allows connections that have not bound to a specific session to potentially reach it via the global table.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.