cve-2026-46158

CVE-2026-46158 is a Linux kernel vulnerability involving a reference-count leak in Multipath TCP's handling of retransmitted ADD_ADDR messages. Published on May 28, 2026, this bug affects the MPTCP path-manager socket timer cleanup. While not a remote-code-execution flaw, it represents a kernel maintenance issue relevant to administrators managing Linux workloads, appliances, WSL environments, or mixed Windows/Linux infrastructure. Small lifecycle errors in networking code can accumulate into operational risk over time. The vulnerability has not yet received a CVSS score from NVD. Discussions on WindowsForum cover the technical details and implications for systems relying on MPTCP, particularly in environments where Linux and Windows coexist.