Key Findings A single inverted character in Linux kernel nf_tables code allows unprivileged local users to escalate to root via use-after-free vulnerability CVE-2026-23111 Upstream patch released February 5, 2026; working exploits published April 16 and June 8, 2026 Requires existing local foothold plus nf_tables and unprivileged user namespaces, both enabled by default on most systems CVSS rating 7.8 (high); no remote vector or known active exploitation Demonstrated on Debia