The Bottom Line: A critical kernel vulnerability (CVE-2026-23111) in nf_tables code enables container escape and root escalation; a public exploit already exists.
The Use-After-Free vulnerability CVE-2026-23111 in the Linux kernel allows unprivileged local users to escalate to root privileges and break out of containers. A functional exploit has been publicly available since June 8.
The security company Exodus Intelligence published a detailed technical analysis with a functional exploit for CVE-2026-23111 on June 8, 2026. The vulnerability resides in the nf_tables code of the Linux kernel and was already addressed on February 5, 2026 through an upstream patch.
The Use-After-Free type vulnerability allows an unprivileged local user to escalate their privileges to root level and thus also break out of container isolation. This presents a significant security risk, as local attackers or compromised applications can gain complete control over the system.
For CISOs, the public availability of the exploit is a critical signal: systems that have not yet been updated to kernel versions from February 2026 or later must be classified as immediately at risk. The situation in container environments requires particular attention, as escape there represents a basis for lateral movement.
Source: thehackernews.com · Published June 8, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.6.5.