cve-2026-31704

CVE-2026-31704 is a Linux kernel ksmbd vulnerability disclosed in early May 2026 and fixed in stable kernel patches. The flaw involves unchecked 16-bit DACL size accumulation in SMB ACL handling, which can wrap past 65,535 bytes and corrupt the access-control buffer on affected systems. While not a classic Windows bug, it impacts Windows file-sharing environments because SMB is now a cross-platform protocol. WindowsForum readers running Linux SMB services through ksmbd should treat kernel updates as critical file-server security updates. The vulnerability highlights that SMB security extends beyond Microsoft systems, requiring vigilance across mixed environments.