mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
CVE-2026-46158 is a vulnerability related to the Multipath TCP (mptcp) implementation, specifically involving the ADD_ADDR retransmission logic and socket reference count management. The provided information is limited and does not include technical details beyond the title or a CVSS score. There is no indication of known exploits in the wild or detailed impact analysis. No patch or remediation information is provided, and the vendor advisory content does not clarify the fix status. The affected products include Microsoft and Azure Linux 3. 0 versions. Due to the lack of detailed information, the severity is assessed as medium based on the potential for resource management issues implied by the description.
AI Analysis
Technical Summary
This vulnerability concerns the Multipath TCP (mptcp) protocol implementation in Microsoft and Azure Linux 3.0, where the ADD_ADDR retransmission logic always decreases the socket reference count. The description and vendor advisory provide no further technical details or CVSS score. No patch or exploit information is currently available.
Potential Impact
The impact is not explicitly described in the available data. The vulnerability likely affects socket reference counting in mptcp ADD_ADDR retransmissions, which could potentially lead to resource mismanagement or stability issues. There are no reports of exploitation in the wild or detailed impact scenarios.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No specific mitigation or workaround is provided in the available information.
mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
Description
CVE-2026-46158 is a vulnerability related to the Multipath TCP (mptcp) implementation, specifically involving the ADD_ADDR retransmission logic and socket reference count management. The provided information is limited and does not include technical details beyond the title or a CVSS score. There is no indication of known exploits in the wild or detailed impact analysis. No patch or remediation information is provided, and the vendor advisory content does not clarify the fix status. The affected products include Microsoft and Azure Linux 3. 0 versions. Due to the lack of detailed information, the severity is assessed as medium based on the potential for resource management issues implied by the description.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability concerns the Multipath TCP (mptcp) protocol implementation in Microsoft and Azure Linux 3.0, where the ADD_ADDR retransmission logic always decreases the socket reference count. The description and vendor advisory provide no further technical details or CVSS score. No patch or exploit information is currently available.
Potential Impact
The impact is not explicitly described in the available data. The vulnerability likely affects socket reference counting in mptcp ADD_ADDR retransmissions, which could potentially lead to resource mismanagement or stability issues. There are no reports of exploitation in the wild or detailed impact scenarios.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. No specific mitigation or workaround is provided in the available information.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2026-46158
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a19fed6e29bf47b500fe546
Added to database: 5/29/2026, 9:02:14 PM
Last enriched: 5/29/2026, 9:15:41 PM
Last updated: 5/31/2026, 4:56:59 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.