The Linux kernel's latest netfilter vulnerability, tracked as CVE-2026-31496, is a small-sounding bug with outsized importance for anyone who relies on conntrack visibility in production. The bug lives in nf_conntrack_expect, the subsystem that handles connection tracking expectations—a feature used by protocols like FTP, SIP, or H.323 that open dynamic ports. Under specific conditions, a process in one network namespace could observe conntrack expectations belonging to another namespace, breaking the isolation that namespaces are supposed to guarantee.

The mechanics of the leak

The flaw resides in the procfs interface for conntrack expectations. When a user reads /proc/net/nf_conntrack_expect, the kernel iterates over all expectations and displays them. The bug occurs because the iteration logic did not properly filter expectations by the namespace of the reader. In certain kernel configurations or after specific operations, expectations from other namespaces could appear in the output.

This is not a hypothetical scenario. In containerized environments where each container runs in its own network namespace, an attacker with local access to a container could read conntrack expectations from the host or other containers. The leaked information includes the tuple (source/destination IPs and ports) of the expected connection, the protocol, and the timeout. This metadata can reveal internal network topology, active services, and communication patterns.

Practical impact on real systems

Consider a Kubernetes cluster running a stateful application that uses FTP for data transfer. The FTP control connection creates a conntrack expectation for the data channel. An attacker who compromises a pod could read /proc/net/nf_conntrack_expect and see the IP addresses and ports of the FTP data connection, potentially allowing them to intercept or hijack the data stream.

Similarly, in a multi-tenant cloud environment, a malicious tenant could enumerate conntrack expectations of other tenants. While the exploit does not provide direct access to packet payloads, the metadata leak is valuable for reconnaissance. Attackers can map internal services, identify vulnerable targets, and plan further attacks.

Affected versions and configuration

The vulnerability affects Linux kernel versions from 2.6.18 (when conntrack expectations were introduced) up to and including 6.12. The bug is present in all kernels that have not applied the fix commit. The issue is particularly relevant for systems that:

  • Use network namespaces (containers, LXC, systemd-nspawn)
  • Have CONFIG_NF_CONNTRACK_PROCFS enabled (it is by default on many distributions)
  • Run protocols that generate conntrack expectations (FTP, SIP, H.323, PPTP, etc.)

Notably, if the kernel is built without CONFIG_NF_CONNTRACK_PROCFS, the procfs interface is not available, and the information leak does not occur. However, many enterprise distributions still enable this option for monitoring and debugging.

The fix and how to apply it

The fix, committed by Pablo Neira Ayuso, adds proper namespace filtering to the procfs show function. The commit message states: "nf_conntrack_expect: fix expectation leak in procfs" and modifies the seq_file operations to check the namespace of the reader against the namespace of each expectation. Only expectations belonging to the same namespace are displayed.

To protect your systems:

  1. Apply the kernel patch – Update to a kernel version that includes the fix. The fix is included in the 6.13 release candidate and has been backported to stable kernels 6.12.x and 6.6.x. Check your distribution's security advisories for the specific update.

  2. Disable procfs conntrack if not needed – If you do not require /proc/net/nf_conntrack_expect for monitoring, disable CONFIG_NF_CONNTRACK_PROCFS in your kernel configuration. This eliminates the attack surface entirely.

  3. Use netlink instead – For legitimate monitoring, use the netlink-based conntrack interface (ctnetlink), which is namespace-aware and does not expose information across namespaces. Tools like conntrack(8) use netlink by default.

  4. Restrict container privileges – Ensure containers do not have CAP_SYS_ADMIN or CAP_NET_ADMIN unless absolutely necessary. Even without these capabilities, reading procfs may still be possible depending on the container runtime's mount namespace settings.
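The following audit script is an added example, not code from the page or from the kernel: it checks a kernel version string against the patched releases named in step 1 and checks a kernel config for CONFIG_NF_CONNTRACK_PROCFS (step 2). The page does not give the exact 6.12.x and 6.6.x point releases that carry the backport, so PATCHED_612_MIN and PATCHED_66_MIN are placeholders to be filled in from your distribution's advisory, and the config fragments are constructed samples.

```shell
# Added audit helper for the mitigation steps above; not kernel code and not
# from the page. ASSUMPTION: the patched 6.12.x / 6.6.x point releases are
# placeholders, to be replaced from your distribution's advisory.
PATCHED_612_MIN=99   # placeholder: first patched 6.12.x point release
PATCHED_66_MIN=99    # placeholder: first patched 6.6.x point release

# Constructed kernel-config fragments used by the stand-alone demo and test.
SAMPLE_CONFIG_ON='CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_FTP=m'
SAMPLE_CONFIG_OFF='CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CONNTRACK_PROCFS is not set
CONFIG_NF_CONNTRACK_FTP=m'

# kernel_patched VERSION: status 0 for 6.13 (any rc) or newer, or for a
# 6.12.x / 6.6.x release at or past the placeholder minimum; 1 otherwise.
kernel_patched() {
    v=${1%%-*}                          # drop "-rc1", "-generic", ... suffix
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    patch=${rest#*.}; [ "$patch" = "$rest" ] && patch=0
    patch=${patch%%[!0-9]*}; [ -z "$patch" ] && patch=0
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 13 ]; }; then
        return 0
    fi
    case "$major.$minor" in
        6.12) [ "$patch" -ge "$PATCHED_612_MIN" ] ;;
        6.6)  [ "$patch" -ge "$PATCHED_66_MIN" ] ;;
        *)    return 1 ;;               # any other affected series: unpatched
    esac
}

# procfs_conntrack_enabled CONFIG_TEXT: status 0 when the leaking procfs
# interface is compiled in (step 2 above says to turn it off if unneeded).
procfs_conntrack_enabled() {
    printf '%s\n' "$1" | grep -q '^CONFIG_NF_CONNTRACK_PROCFS=y$'
}

# audit_host: apply both checks to the running system and report.
audit_host() {
    kv=$(uname -r)
    kernel_patched "$kv" && echo "kernel $kv: fix present" \
                         || echo "kernel $kv: UNPATCHED for CVE-2026-31496"
    cfg=$(cat "/boot/config-$kv" 2>/dev/null || zcat /proc/config.gz 2>/dev/null)
    procfs_conntrack_enabled "$cfg" &&
        echo "CONFIG_NF_CONNTRACK_PROCFS=y: use ctnetlink (conntrack(8)) and rebuild without it"
    [ -r /proc/net/nf_conntrack_expect ] &&
        echo "/proc/net/nf_conntrack_expect readable here: mask it in the container mount namespace"
    return 0
}

case "${1:-}" in --audit) audit_host ;; esac
```

Run it as `sh audit.sh --audit` on each host and inside each container; a readable /proc/net/nf_conntrack_expect from inside a container on an unpatched kernel is the condition step 4 warns about.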

Broader implications for namespace isolation

CVE-2026-31496 is the latest in a series of vulnerabilities that erode the isolation guarantees of Linux namespaces. Past issues include:

  • CVE-2022-0492: cgroup v1 release_agent escape
  • CVE-2024-1086: netfilter use-after-free leading to privilege escalation
  • CVE-2025-0364: user namespace container escape

Each of these shows that namespace isolation is not absolute. The kernel's attack surface is vast, and bugs in subsystems like netfilter can bypass the namespace boundary. For security-critical deployments, defense in depth remains essential.

Recommendations for Windows admins managing Linux workloads

If you manage Linux containers from a Windows host (e.g., using WSL2 or Docker Desktop with Linux containers), note that these environments also use Linux namespaces. The vulnerability affects the Linux kernel that runs inside the VM. Ensure that your WSL2 kernel or Docker Desktop's Linux VM is updated to a patched version.

For Hyper-V containers or Windows containers, the vulnerability does not apply because they use the Windows kernel, not Linux. However, if you run Linux containers under WSL2, the same risks exist.

Timeline and disclosure

The vulnerability was reported by security researcher Ryota Shiga on December 10, 2025. The fix was developed and committed on December 15, 2025, and assigned CVE-2026-31496 on December 18, 2025. The disclosure was coordinated through the Linux kernel security team.

Conclusion

CVE-2026-31496 is a classic information leak that undermines namespace isolation. While the exploit requires local access and does not provide direct code execution, the metadata it exposes can significantly aid an attacker's reconnaissance. The fix is straightforward, but administrators must act to apply it. This vulnerability serves as a reminder that the Linux kernel's namespace implementation is not a security boundary in itself—it must be combined with other controls like mandatory access controls (SELinux, AppArmor) and least privilege principles.

Actionable takeaway: Update your Linux kernel to a version containing the fix (6.13-rc1 or later, or backported versions). If you cannot update immediately, disable CONFIG_NF_CONNTRACK_PROCFS or restrict access to /proc/net/nf_conntrack_expect by masking the path in the container's mount namespace or blocking the open with seccomp filters. Monitor your distribution's security advisories for the official patch.