CVE-2026-46274 is a Linux kernel vulnerability affecting the io-wq (io_uring work queue) subsystem, specifically a missing hash check in the io_wq_remove_pending() function. This flaw can lead to incorrect handling of predecessor nodes, potentially causing memory corruption or undefined behaviour. It is relevant to Azure environments where Linux-based virtual machines or container workloads rely on the affected kernel component.

Security Architect’s Take: Ensure Azure Linux VMs and AKS node pools are running patched kernel versions that include this fix; review your OS image update cadence and consider enabling automatic kernel updates for workloads exposed to untrusted or multi-tenant I/O operations.

Original advisory: CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()