cve-2026-43088

CVE-2026-43088 is a Linux kernel information-disclosure vulnerability published on May 6, 2026, affecting PF_KEY export messages that can expose four uninitialized padding bytes from IPv6 sockaddr data in IPsec-related paths. While not a Windows kernel bug, it impacts environments where Linux workloads run alongside Windows, including WSL, containers, and appliances. The severity remains unsettled as NVD has not yet assigned a CVSS score. This tag covers discussions about the flaw's technical details, its relevance to mixed Windows-Linux infrastructure, and the broader lesson that security risks often hide in compatibility layers and vendor kernels.