CVSS 9.43 sources verified·1 min read
By Lyrie Threat Intelligence·5/11/2026
CRITICAL: CVE-2026-43383 (CVSS 9.4) — multiple products
CVE: CVE-2026-43383
CVSS: 9.4 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Severity: CRITICAL
Status: Critical advisory
Affected
_See vendor advisory_
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/tcp-md5: Fix MAC comparison to be constant-time
To prevent timing attacks, MACs need to be compared in constant
time. Use the appropriate helper function for this.
Verified Sources
References
- https://git.kernel.org/stable/c/02669e2a4d207068edce7e8b5fafd85822018ce6
- https://git.kernel.org/stable/c/345a9530756528d7ca407663d659c3c40e75c3dd
- https://git.kernel.org/stable/c/46d0d6f50dab706637f4c18a470aac20a21900d3
- https://git.kernel.org/stable/c/5d305a95130a8d08b9545e47f1e18d29d59866cb
- https://git.kernel.org/stable/c/821c8751fdeecdeecabeb11704dd33439c9e4bbc
- https://git.kernel.org/stable/c/ae3831b44f477de048287493e184fc3ff913b624
- https://git.kernel.org/stable/c/b502e97e29d791ff7a8051f29a414535739be218
_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._
Lyrie Verdict
A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.
Validated sources
- [1]NVD
- [2]GitHub Advisory
- [3]MITRE