| Title | Published | Views | Reporter | |
|---|---|---|---|---|
| CVE-2026-39402 | 5 May 2026 20:45 | – | attackerkb | |
| CVE-2026-39402 | 5 May 2026 20:45 | – | alpinelinux | |
| CVE-2026-39402 | 6 May 2026 01:41 | – | circl | |
| LXC 安全漏洞 | 5 May 2026 00:00 | – | cnnvd | |
| CVE-2026-39402 | 5 May 2026 20:45 | – | cve | |
| CVE-2026-39402 lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion | 5 May 2026 20:45 | – | cvelist | |
| CVE-2026-39402 | 5 May 2026 20:45 | – | debiancve | |
| EUVD-2026-27497 | 5 May 2026 20:45 | – | euvd | |
| Updated lxc packages fix security vulnerability | 4 Jun 2026 05:19 | – | mageia | |
| CVE-2026-39402 | 5 May 2026 21:16 | – | nvd | |
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-39402 |
| ubuntu | www.ubuntu.com/security/CVE-2026-39402 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Description-mode branch: registers this plugin's metadata (ID, CVE, report
# text, CVSS vectors, CPEs, dependencies and required KB keys) and then exits
# without running any check against the host.
if (description)
{
script_id(311269);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/22");
script_cve_id("CVE-2026-39402");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-39402");
# NOTE(review): the synopsis says the vendor "will not" patch, the description
# below says only that no vendor patch is available, and the quoted CVE text
# says the issue is patched upstream in 7.0.0. Read a finding as "the installed
# distribution package has no fix", not as "no fix exists anywhere".
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
# Triage context, taken from the CVE text quoted in this attribute: the flaw is
# in the delete path of the setuid helper lxc-user-nic, the caller needs a valid
# lxc-usernet policy entry, exposure is limited to multi-tenant hosts using
# OpenVSwitch bridges, and the stated impact is denial of service against
# another tenant's container networking.
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw
in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces
belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a deletion request,
the interface name comparison can set the authorization flag based on a name match alone, even when the
ownership, type, and link fields in that database entry belong to a different user. The vulnerable check
sits after the goto next label handling, meaning it is reachable on lines where earlier ownership checks
failed or were skipped. Because nothing downstream of this authorization signal re-verifies that the
matched database line actually belongs to the caller, an unprivileged attacker with a valid lxc-usernet
policy entry can trigger deletion of another user's OVS port on the same bridge. This is limited to multi-
tenant environments using lxc-user-nic with OpenVSwitch bridges. The impact is denial of service - one
tenant can repeatedly disconnect networking from containers run by another tenant on shared
infrastructure. This is patched in version 7.0.0. (CVE-2026-39402)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-39402");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-39402");
# NOTE(review): "no known solution" describes the distribution packages. The
# description above states an upstream fix in 7.0.0 and names the preconditions
# (lxc-user-nic in use, an lxc-usernet policy entry, a shared OVS bridge), which
# is what an operator would review on a flagged host while no package fix ships.
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
# NOTE(review): the CVSS v2 vector is network-reachable with partial integrity
# impact (AV:N, I:P), while the v3.0 and v4.0 vectors are local with
# availability impact only (AV:L, I:N / VI:N). The description (local
# unprivileged user, denial of service) matches the v3/v4 vectors, so the v2
# vector likely overstates reach and impact; confirm against the CVE record.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-39402");
# Exploit maturity is recorded as proof-of-concept in the temporal vectors
# above (E:POC / E:P); these two attributes carry the same signal as text.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/30");
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs: the operating system releases this plugin covers, followed by the
# lxc package CPEs for Ubuntu and Debian.
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lxc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lxc");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
# The plugin is gated on local checks being enabled and on the
# "global_settings/vendor_unpatched" setting, so it reports nothing on scans
# that leave unpatched-vulnerability detection off.
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
# Host/OS/* KB keys for the covered releases are passed to
# script_require_ports; presumably this acts as an any-of gate on the supported
# distro releases -- confirm against the scanner's documentation.
script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10");
exit(0);
}
# Pre-flight gates, evaluated in order before any package data is inspected.

# 1. Unpatched-vulnerability detection must be switched on for this scan.
if (!get_kb_item("global_settings/vendor_unpatched"))
{
  exit(0, "Unpatched Vulnerabilities Detection not active.");
}

# 2. Local (credentialed) checks must be enabled for the host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 3. A dpkg package listing must have been collected; every distro entry in
#    this plugin reads the "dpkg-l" listing.
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}
include('linux_unpatched.inc');
# Per-release table of package names used to decide whether the host is
# affected. Each top-level key is a distro/release label; its value names the
# package listing to read ("dpkg-l") and, per release, the packages to look for.
#
# NOTE(review): every entry carries only a package "reference" and no version
# bound, so matching is presence-based (the plugin description says Nessus
# relies on the presence of the package). A flagged host presumably stays
# flagged until this plugin is updated, whatever package version is installed
# -- confirm in linux_unpatched.inc.
#
# NOTE(review): several listed packages are libraries, bindings or development
# files (e.g. liblxc1, python3-lxc, lxc-dev). Whether each of them ships the
# setuid helper lxc-user-nic is not visible here, so a finding should be
# followed by checking that the helper is installed and that OVS bridges are in
# use in a multi-tenant setup, which is the exposure the CVE text describes.
var distro_constraints_array = {
"Debian Linux-11": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "11",
"pkgs": [
{"reference": "liblxc1"},
{"reference": "libpam-cgfs"},
{"reference": "lxc"},
{"reference": "lxc-dev"},
{"reference": "lxc-tests"}
]
}
]
},
"Ubuntu Linux-14.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "14.04",
"pkgs": [
{"reference": "liblxc1"},
{"reference": "lxc"},
{"reference": "lxc-dbg"},
{"reference": "lxc-dev"},
{"reference": "lxc-templates"},
{"reference": "lxc-tests"},
{"reference": "python3-lxc"}
]
}
]
},
"Ubuntu Linux-16.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "16.04",
"pkgs": [
{"reference": "liblxc1"},
{"reference": "lua-lxc"},
{"reference": "lxc"},
{"reference": "lxc-common"},
{"reference": "lxc-dev"},
{"reference": "lxc-templates"},
{"reference": "lxc-tests"},
{"reference": "lxc1"},
{"reference": "python3-lxc"}
]
}
]
},
"Ubuntu Linux-18.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "18.04",
"pkgs": [
{"reference": "liblxc-common"},
{"reference": "liblxc-dev"},
{"reference": "liblxc1"},
{"reference": "libpam-cgfs"},
{"reference": "lxc"},
{"reference": "lxc-dev"},
{"reference": "lxc-utils"},
{"reference": "lxc1"}
]
}
]
},
# From 20.04 onwards only the "lxc" package is listed.
"Ubuntu Linux-20.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "20.04",
"pkgs": [
{"reference": "lxc"}
]
}
]
},
"Ubuntu Linux-22.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "22.04",
"pkgs": [
{"reference": "lxc"}
]
}
]
},
"Ubuntu Linux-24.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "24.04",
"pkgs": [
{"reference": "lxc"}
]
}
]
},
"Ubuntu Linux-25.10": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.10",
"pkgs": [
{"reference": "lxc"}
]
}
]
}
};
# Select the constraint entries that apply to this host; if none do, the host
# is audited as not affected.
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values))
{
  audit(AUDIT_HOST_NOT, 'affected');
}

# Evaluate the selected constraints against the host. A non-empty result is the
# report text for the finding.
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (empty_or_null(report))
{
  # Nothing matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, 'affected');
}
else
{
  # Host-level finding (port 0) at warning severity, carrying the report text.
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
  exit(0);
}