cve-2026-46046

CVE-2026-46046 is a Linux kernel ext4 vulnerability caused by a missing brelse() call in ext4_xattr_inode_dec_ref_all(), which can leak a buffer-head reference after an extended-attribute hardening change. Published by NVD on May 27, 2026 from kernel.org, this bug affects the ext4 filesystem, the default for many servers, cloud images, and embedded devices. While not a dramatic exploit, it highlights how filesystem security depends on careful resource accounting. Discussions on WindowsForum.com cover the technical details of the fix and why this CVE matters for Linux systems, even though the site primarily focuses on Windows topics.