One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers at Exodus Intelligence have released a full technical walkthrough and working exploit for CVE-2026-23111, a use-after-free vulnerability in the Linux kernel's nf_tables packet-filtering subsystem. The flaw enables an unprivileged local user to escalate privileges to root and break out of a container. The vulnerability was patched upstream on February 5, 2026, but the public disclosure of exploit code on June 8, 2026, increases the urgency for system administrators to apply updates. The exploit targets a race condition in the nf_tables code, which is widely used for firewall and packet filtering. Organizations running unpatched kernels—especially those using containers—are at high risk of compromise. The vulnerability is particularly dangerous because it can be triggered from within a container, allowing an attacker to escape to the host system. Administrators should verify that their kernel versions include the fix and prioritize patching affected systems.
Unpatched systems risk local root compromise and container escape via a publicly available exploit.