CVE-2026-31890
Inspektor Gadget: Tracing Denial of Service via Event Flooding
Description
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
INFO
Published Date :
March 12, 2026, 6:16 p.m.
Last Modified :
April 6, 2026, 2:13 p.m.
Remotely Exploit :
No
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | [email protected] | ||||
| CVSS 4.0 | MEDIUM | [email protected] |
Solution
- Update Inspektor Gadget to version 0.50.1.
- Apply the latest security patches for Inspektor Gadget.
- Monitor event buffer usage for other applications.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-31890.
| URL | Resource |
|---|---|
| https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4 | Exploit Vendor Advisory |
| https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4 | Exploit Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-31890 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-31890
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-31890 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-31890 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Reanalysis by [email protected]
Apr. 06, 2026
Action Type Old Value New Value -
Initial Analysis by [email protected]
Mar. 16, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CPE Configuration OR *cpe:2.3:a:linuxfoundation:inspektor_gadget:*:*:*:*:*:*:*:* versions up to (excluding) 0.50.1 Added Reference Type GitHub, Inc.: https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4 Types: Exploit, Vendor Advisory Added Reference Type CISA-ADP: https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4 Types: Exploit, Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Mar. 13, 2026
Action Type Old Value New Value Added Reference https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4 -
New CVE Received by [email protected]
Mar. 12, 2026
Action Type Old Value New Value Added Description Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1. Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-223 Added CWE CWE-770 Added Reference https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4