India, June 9 -- A tiny Linux kernel mistake is now a serious local-root risk for systems that have not been updated. CVE-2026-23111 affects nf_tables, the kernel subsystem behind nftables, and public exploit write-ups now show how a low-privileged local user can become root and break out of a container. The bug is not remotely exploitable on its own. An attacker first needs a foothold, such as a shell account, a compromised service account, or code running inside a container. The bug still matters because local access is often the second stage of a real attack, not the first.

The issue comes from an inverted check in nft_map_catchall_activate(). The upstream fix removed a wrong ! character, restoring the intended logic.

That small change matt...