---
title: "CVE-2026-31635 DirtyDecrypt RxRPC Mitigation"
description: "DirtyDecrypt CVE-2026-31635 mitigation demo showing agentsh blocking the AF_RXRPC setup socket used to reach rxgk decrypt attack paths."
doc_version: "1.0"
last_updated: "2026-05-18"
canonical: "https://www.agentsh.org/mitigations/demo-cve-2026-31635/"
---

# CVE-2026-31635 DirtyDecrypt RxRPC Mitigation

## Overview

This mitigation demo shows agentsh blocking the RxRPC setup socket used by DirtyDecrypt CVE-2026-31635. The vulnerable run can open AF_RXRPC; the protected run receives EAFNOSUPPORT while ordinary IPv4 sockets continue to work.

## Mitigation

The built-in `dirtyfrag-conservative` mitigation set includes the AF_RXRPC boundary DirtyDecrypt needs. A local socket rule can also deny AF_RXRPC directly when a narrower mitigation is preferred.

## Sitemap

- [Canonical HTML](https://www.agentsh.org/mitigations/demo-cve-2026-31635/)
- [Site map](https://www.agentsh.org/sitemap.md)
- [Full documentation](https://www.agentsh.org/llms-full.md)