Skip to content

Will any kernel CVE in the Linux mainline tree get assigned by the Linux CNA in 2026 with a CVSS over 9.0?

Open·Closes 9mo·Vol 0 credits

Probability

connecting…

Yes50%

Volume: 0 credits

Not enough trades yet to draw a history.

About

The Linux kernel became its own CNA in 2024 and intentionally avoids assigning high CVSS scores. Resolves YES if any CVE-2026-xxxxx assigned by the Linux CNA carries a CVSS v3.1 base score over 9.0 in the NVD.

Resolution criteria

NVD entry where cnaAssigner == 'kernel.org' (or equivalent) AND cvssMetricV31.baseScore > 9.0 AND Published year 2026.

Source: NVD JSON feed; CNA list at cve.org.
Ambiguity: AMBIGUOUS only if NVD scoring is in flux during the resolution window.

linuxkernelcnacvss

Discussion

Loading comments…