{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-46172/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-46172"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["ipv6","denial-of-service","CVE-2026-46172"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-46172 is a reported vulnerability impacting the IPv6 implementation related to the \u003ccode\u003exfrm6_rcv_encap()\u003c/code\u003e function. The specific details of the vulnerability are not described in the provided source, but the title indicates it involves releasing the destination (\u003ccode\u003edst\u003c/code\u003e) on error within the \u003ccode\u003exfrm6_rcv_encap()\u003c/code\u003e function. This type of error could lead to a denial-of-service if an attacker can trigger the error condition repeatedly. More information is needed to understand the full scope and impact of this vulnerability. Defenders should monitor for unusual activity involving IPv6 traffic and consider applying any available patches or mitigations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the limited information, a detailed attack chain cannot be constructed. However, a general attack chain based on the vulnerability description can be proposed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious IPv6 packet.\u003c/li\u003e\n\u003cli\u003eThe packet is sent to a vulnerable system.\u003c/li\u003e\n\u003cli\u003eThe system processes the packet and calls the \u003ccode\u003exfrm6_rcv_encap()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eAn error condition is triggered within \u003ccode\u003exfrm6_rcv_encap()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe destination (\u003ccode\u003edst\u003c/code\u003e) is released prematurely due to the error.\u003c/li\u003e\n\u003cli\u003eSubsequent packets relying on the released destination may cause a crash.\u003c/li\u003e\n\u003cli\u003eRepeated triggering of the vulnerability leads to a denial-of-service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46172 could lead to a denial-of-service (DoS) condition. The lack of specific details limits the ability to determine the scope and severity of the impact. Further analysis is required to assess the potential for remote code execution or other more severe consequences. The number of affected systems and sectors is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigate and apply any available patches or mitigations for CVE-2026-46172 from Microsoft.\u003c/li\u003e\n\u003cli\u003eMonitor IPv6 traffic for unusual patterns or malformed packets that could trigger the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect potential exploitation attempts targeting CVE-2026-46172.\u003c/li\u003e\n\u003cli\u003eEnable detailed logging of IPv6 traffic to facilitate investigation of potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T07:24:38Z","date_published":"2026-05-29T07:24:38Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46172/","summary":"CVE-2026-46172 is a vulnerability related to ipv6: xfrm6: release dst on error in xfrm6_rcv_encap(), potentially leading to a denial-of-service condition.","title":"CVE-2026-46172 Vulnerability in IPv6 xfrm6_rcv_encap()","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46172/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-46172","version":"https://jsonfeed.org/version/1.1"}