FORTINET Security Advisory
Published Date: May 13, 2026
CVE: CVE-2026-31431
Advisory Summary
Linux Kernel Vulnerability CVE-2026-31431 Resolved: Key Security Fix for Crypto AEAD Module
Fortinet has announced the resolution of a significant vulnerability in the Linux kernel's cryptographic subsystem, identified as CVE-2026-31431, with a CVSSv3 score of 7.8, which places it in the high-severity range. The issue is in the algif_aead component, which handles authenticated encryption with associated data (AEAD). The kernel had introduced an in-place operation mode for this crypto algorithm, which turned out to be unnecessary and complex because the source and destination come from different memory mappings.
The fix primarily reverts a prior commit (72548b093ee3) to restore out-of-place operation, simplifying cryptographic data handling by directly copying associated data (AD) and eliminating the complexities and risks of in-place processing. This correction prevents potential data corruption or exposure, enhancing the reliability and security of cryptographic operations in Linux-based systems.
For IT infrastructure professionals, this patch is critical to apply promptly in environments where the updated Linux kernel or cryptographic modules are deployed, especially in data centers or cloud services relying on robust cryptographic functions. Systems running vulnerable versions should prioritize updating their kernels to incorporate this fix to mitigate the risk of exploitation.
⚠️ Action Recommended: Review Linux kernel versions in your environments and ensure the patch for CVE-2026-31431 is applied to protect cryptographic integrity and prevent possible memory handling issues.
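As a starting point for that review, the following added example (not part of the Fortinet advisory or the kernel sources) reports whether the algif_aead component is present on a host, so that hosts carrying it can be prioritized. It assumes the Kconfig symbol `CONFIG_CRYPTO_USER_API_AEAD` and the usual `/proc/modules` and kernel config locations; it does not determine whether a given kernel contains the fix, which must be confirmed against the distribution's own advisory.

```python
import gzip
import platform
from pathlib import Path

MODULE = "algif_aead"                    # component named in the advisory
KCONFIG = "CONFIG_CRYPTO_USER_API_AEAD"  # Kconfig symbol that builds it

def module_loaded(proc_modules):
    """True if algif_aead is listed in /proc/modules-style text."""
    return any(l.split()[:1] == [MODULE] for l in proc_modules.splitlines())

def kconfig_state(config_text):
    """'builtin', 'module' or 'disabled'; 'unknown' if no config was readable."""
    if config_text is None:
        return "unknown"
    for line in config_text.splitlines():
        if line.strip() == KCONFIG + "=y":
            return "builtin"
        if line.strip() == KCONFIG + "=m":
            return "module"
    return "disabled"  # "# CONFIG_... is not set" or symbol missing

def classify(proc_modules, config_text):
    """Summarise whether the affected component is present on this host."""
    state = kconfig_state(config_text)
    if state == "builtin":
        return "builtin"   # always present, never shown in /proc/modules
    if module_loaded(proc_modules):
        return "loaded"
    if state == "module":
        return "loadable"  # built, not loaded now, can still be loaded
    return "absent" if state == "disabled" else "unknown"

# Constructed sample inputs (not taken from a real host).
SAMPLE_MODULES = ("algif_aead 16384 0 - Live 0x0000000000000000\n"
                  "af_alg 32768 1 algif_aead, Live 0x0000000000000000\n")
SAMPLE_CONFIG = "CONFIG_CRYPTO_USER_API=m\nCONFIG_CRYPTO_USER_API_AEAD=m\n"

def read_live_config():
    """Read the running kernel's config from the usual locations, if any."""
    boot = Path("/boot/config-" + platform.release())
    if boot.is_file():
        return boot.read_text()
    proc = Path("/proc/config.gz")
    if proc.is_file():
        return gzip.decompress(proc.read_bytes()).decode()
    return None

if __name__ == "__main__":
    mods = Path("/proc/modules")
    live = mods.read_text() if mods.is_file() else ""
    print(platform.release(), MODULE, classify(live, read_live_config()))
```

Run as a script, it prints the running kernel release and one of `builtin`, `loaded`, `loadable`, `absent` or `unknown` for the local host.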