{"api_version":"1","generated_at":"2026-05-08T04:10:28+00:00","cve":"CVE-2026-43060","urls":{"html":"https://cve.report/CVE-2026-43060","api":"https://cve.report/api/cve/CVE-2026-43060.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43060","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43060"},"summary":{"title":"netfilter: nft_ct: drop pending enqueued packets on removal","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: drop pending enqueued packets on removal\n\nPackets sitting in nfqueue might hold a reference to:\n\n- templates that specify the conntrack zone, because a percpu area is\n  used and module removal is possible.\n- conntrack timeout policies and helper, where object removal leave\n  a stale reference.\n\nSince these objects can just go away, drop enqueued packets to avoid\nstale reference to them.\n\nIf there is a need for finer grain removal, this logic can be revisited\nto make selective packet drop upon dependencies.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-05 16:16:15","updated_at":"2026-05-06 13:08:07"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/77da55dee67720e2b8d2db49a53334e6c017ee7b","name":"https://git.kernel.org/stable/c/77da55dee67720e2b8d2db49a53334e6c017ee7b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ab50302190b303f847c4eba0e31a01a56dec596e","name":"https://git.kernel.org/stable/c/ab50302190b303f847c4eba0e31a01a56dec596e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6802ff8beceb9c4254318e81c1395720438f2cc2","name":"https://git.kernel.org/stable/c/6802ff8beceb9c4254318e81c1395720438f2cc2","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/8a64e76933672b08bd85b63086f33432070fd729","name":"https://git.kernel.org/stable/c/8a64e76933672b08bd85b63086f33432070fd729","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/36eae0956f659e48d5366d9b083d9417f3263ddc","name":"https://git.kernel.org/stable/c/36eae0956f659e48d5366d9b083d9417f3263ddc","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e68a8db3a0546482b34e9ca5ca886bcf73eb37bb","name":"https://git.kernel.org/stable/c/e68a8db3a0546482b34e9ca5ca886bcf73eb37bb","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f29a055e4f593e577805b41228b142b58f48df1b","name":"https://git.kernel.org/stable/c/f29a055e4f593e577805b41228b142b58f48df1b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3da0b946835f33bf36b459ead764c61a761e689b","name":"https://git.kernel.org/stable/c/3da0b946835f33bf36b459ead764c61a761e689b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43060","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43060","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 8a64e76933672b08bd85b63086f33432070fd729 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 3da0b946835f33bf36b459ead764c61a761e689b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 ab50302190b303f847c4eba0e31a01a56dec596e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 e68a8db3a0546482b34e9ca5ca886bcf73eb37bb git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 6802ff8beceb9c4254318e81c1395720438f2cc2 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 f29a055e4f593e577805b41228b142b58f48df1b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 77da55dee67720e2b8d2db49a53334e6c017ee7b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7e0b2b57f01d183e1c84114f1f2287737358d748 36eae0956f659e48d5366d9b083d9417f3263ddc git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.19","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.19 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.167 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.130 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.78 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.20 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.10 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/netfilter/nft_ct.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"8a64e76933672b08bd85b63086f33432070fd729","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"3da0b946835f33bf36b459ead764c61a761e689b","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"ab50302190b303f847c4eba0e31a01a56dec596e","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"e68a8db3a0546482b34e9ca5ca886bcf73eb37bb","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"6802ff8beceb9c4254318e81c1395720438f2cc2","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"f29a055e4f593e577805b41228b142b58f48df1b","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"77da55dee67720e2b8d2db49a53334e6c017ee7b","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"},{"lessThan":"36eae0956f659e48d5366d9b083d9417f3263ddc","status":"affected","version":"7e0b2b57f01d183e1c84114f1f2287737358d748","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/netfilter/nft_ct.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.19"},{"lessThan":"4.19","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.167","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.130","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.78","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.20","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.10","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.167","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.130","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.78","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.20","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.10","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"4.19","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: drop pending enqueued packets on removal\n\nPackets sitting in nfqueue might hold a reference to:\n\n- templates that specify the conntrack zone, because a percpu area is\n  used and module removal is possible.\n- conntrack timeout policies and helper, where object removal leave\n  a stale reference.\n\nSince these objects can just go away, drop enqueued packets to avoid\nstale reference to them.\n\nIf there is a need for finer grain removal, this logic can be revisited\nto make selective packet drop upon dependencies."}],"providerMetadata":{"dateUpdated":"2026-05-05T15:17:26.393Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/8a64e76933672b08bd85b63086f33432070fd729"},{"url":"https://git.kernel.org/stable/c/3da0b946835f33bf36b459ead764c61a761e689b"},{"url":"https://git.kernel.org/stable/c/ab50302190b303f847c4eba0e31a01a56dec596e"},{"url":"https://git.kernel.org/stable/c/e68a8db3a0546482b34e9ca5ca886bcf73eb37bb"},{"url":"https://git.kernel.org/stable/c/6802ff8beceb9c4254318e81c1395720438f2cc2"},{"url":"https://git.kernel.org/stable/c/f29a055e4f593e577805b41228b142b58f48df1b"},{"url":"https://git.kernel.org/stable/c/77da55dee67720e2b8d2db49a53334e6c017ee7b"},{"url":"https://git.kernel.org/stable/c/36eae0956f659e48d5366d9b083d9417f3263ddc"}],"title":"netfilter: nft_ct: drop pending enqueued packets on removal","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43060","datePublished":"2026-05-05T15:17:26.393Z","dateReserved":"2026-05-01T14:12:55.981Z","dateUpdated":"2026-05-05T15:17:26.393Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-05 16:16:15","lastModifiedDate":"2026-05-06 13:08:07","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43060","Ordinal":"1","Title":"netfilter: nft_ct: drop pending enqueued packets on removal","CVE":"CVE-2026-43060","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43060","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: drop pending enqueued packets on removal\n\nPackets sitting in nfqueue might hold a reference to:\n\n- templates that specify the conntrack zone, because a percpu area is\n  used and module removal is possible.\n- conntrack timeout policies and helper, where object removal leave\n  a stale reference.\n\nSince these objects can just go away, drop enqueued packets to avoid\nstale reference to them.\n\nIf there is a need for finer grain removal, this logic can be revisited\nto make selective packet drop upon dependencies.","Type":"Description","Title":"netfilter: nft_ct: drop pending enqueued packets on removal"}]}}}