CVE-2026-31890
CVE-2026-31890 is a medium-severity vulnerability in Linuxfoundation Inspektor Gadget with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-223.
Key facts
- Severity: Medium (CVSS 3.x base score 5.5)
- CVSS v4: 4.8
- EPSS exploit prediction: 0% (4th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-11641
- Weakness: CWE-223
- Affected product: Linuxfoundation Inspektor Gadget
- Published:
- Last modified:
Description
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
Frequently asked questions
- What is CVE-2026-31890?
- Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
- How severe is CVE-2026-31890?
- CVE-2026-31890 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2026-31890 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (4th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-31890?
- CVE-2026-31890 affects Linuxfoundation Inspektor Gadget. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-31890?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-31890 have an EU (EUVD) identifier?
- Yes. CVE-2026-31890 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-11641.
- When was CVE-2026-31890 published?
- CVE-2026-31890 was published on 2026-03-12 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:linuxfoundation:inspektor_gadget:*:*:*:*:*:*:*:*
More vulnerabilities in Linuxfoundation Inspektor Gadget
- CVE-2026-25996 — Critical (CVSS 9.8): Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and…
- CVE-2026-24905 — High (CVSS 7.8): Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and…
All CVEs affecting Linuxfoundation Inspektor Gadget →
Other CWE-223 vulnerabilities
- CVE-2023-31191 — Critical (CVSS 9.3): DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through…
- CVE-2023-29156 — Medium (CVSS 4.7): DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability…
- CVE-2022-22563 — Medium (CVSS 4.4): Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged…
- CVE-2024-52813 — Medium (CVSS 4.3): matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust…
- CVE-2023-28360 — Medium (CVSS 4.3): An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a…
- CVE-2025-52926 — Low (CVSS 2.7): In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user…