🟠 High | Source: Microsoft Security Response Center
CVE-2026-45850 is a Linux kernel vulnerability in the IPVS (IP Virtual Server) subsystem, where IPv6 extension headers are not correctly skipped during checksum validation. This flaw could potentially be exploited to bypass network-level integrity checks in virtualised or containerised environments, such as those running on Azure. It matters because IPVS is commonly used in Kubernetes load balancing and cloud networking stacks.
Security Architect’s Take: Review whether your Azure Kubernetes Service (AKS) or Linux-based VM workloads rely on IPVS mode for kube-proxy; prioritise applying kernel patches from Microsoft once available, and consider temporarily switching affected clusters to iptables mode as a mitigating measure.
Original advisory: CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks