CVE-2026-46172 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2026-46172/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 29 May 2026 07:24:38 +0000CVE-2026-46172 Vulnerability in IPv6 xfrm6_rcv_encap()https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46172/Fri, 29 May 2026 07:24:38 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-cve-2026-46172/CVE-2026-46172 is a vulnerability related to ipv6: xfrm6: release dst on error in xfrm6_rcv_encap(), potentially leading to a denial-of-service condition.CVE-2026-46172 is a reported vulnerability impacting the IPv6 implementation related to the xfrm6_rcv_encap() function. The specific details of the vulnerability are not described in the provided source, but the title indicates it involves releasing the destination (dst) on error within the xfrm6_rcv_encap() function. This type of error could lead to a denial-of-service if an attacker can trigger the error condition repeatedly. More information is needed to understand the full scope and impact of this vulnerability. Defenders should monitor for unusual activity involving IPv6 traffic and consider applying any available patches or mitigations.

Attack Chain

Due to the limited information, a detailed attack chain cannot be constructed. However, a general attack chain based on the vulnerability description can be proposed:

  1. An attacker crafts a malicious IPv6 packet.
  2. The packet is sent to a vulnerable system.
  3. The system processes the packet and calls the xfrm6_rcv_encap() function.
  4. An error condition is triggered within xfrm6_rcv_encap().
  5. The destination (dst) is released prematurely due to the error.
  6. Subsequent packets relying on the released destination may cause a crash.
  7. Repeated triggering of the vulnerability leads to a denial-of-service.

Impact

Successful exploitation of CVE-2026-46172 could lead to a denial-of-service (DoS) condition. The lack of specific details limits the ability to determine the scope and severity of the impact. Further analysis is required to assess the potential for remote code execution or other more severe consequences. The number of affected systems and sectors is unknown.

Recommendation

  • Investigate and apply any available patches or mitigations for CVE-2026-46172 from Microsoft.
  • Monitor IPv6 traffic for unusual patterns or malformed packets that could trigger the vulnerability.
  • Deploy the Sigma rule to detect potential exploitation attempts targeting CVE-2026-46172.
  • Enable detailed logging of IPv6 traffic to facilitate investigation of potential exploitation attempts.
]]>mediumadvisoryipv6denial-of-serviceCVE-2026-46172