---
title: "CVE-2026-46243 CIFSwitch Mitigation"
description: "CIFSwitch CVE-2026-46243 mitigation demo showing agentsh blocking the request_key and add_key keyring-upcall syscalls used to reach the cifs.upcall root helper."
doc_version: "1.0"
last_updated: "2026-06-01"
canonical: "https://www.agentsh.org/mitigations/demo-cve-2026-46243/"
---

# CVE-2026-46243 CIFSwitch Mitigation

## Overview

This mitigation demo shows agentsh blocking the keyring-upcall syscalls used by CIFSwitch (CVE-2026-46243). CIFSwitch is a confused-deputy local privilege escalation: unprivileged code calls `request_key("cifs.spnego", <forged description>, ...)` and the kernel runs the root helper `cifs.upcall` on attacker-controlled fields. The vulnerable run can reach `request_key` and `add_key`; the protected run denies them at the execution layer while an ordinary IPv4 socket keeps working.

## Mitigation

A single scoped `sandbox.seccomp.syscalls.block` list denies `request_key` and `add_key`, returning `EPERM` at the kernel boundary. `default_action` stays `allow`, so normal syscalls are unaffected. The block compiles to a seccomp-BPF filter on the wrapped process, so the forged-description path is unreachable from the agent boundary even when the call bypasses libc. The policy result is deterministic and appears in the agentsh audit log.
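The deny-list described above, written directly against the Linux seccomp-BPF interface. This is an added example, not agentsh's code or policy format; `install_keyring_block`, `probe` and `ipv4_socket_ok` are hypothetical names. Denying foreign-ABI and x32 calls is an added hardening choice so the two syscalls cannot be reached under other syscall numbers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif
#define DENY BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)
/* Deny-list filter: request_key/add_key -> EPERM, everything else allowed. */
int install_keyring_block(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        DENY, /* foreign ABI: syscall numbers differ, so refuse */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 2, 0), /* x32 bit */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_request_key, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_add_key, 0, 1),
        DENY,
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), /* default_action: allow */
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
int probe(long nr) /* raw syscall, no libc wrapper; constructed arguments */
{
    errno = 0;
    return syscall(nr, "user", "constructed-demo", NULL, 0L, 0L) < 0 ? errno : 0;
}
int ipv4_socket_ok(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    return fd >= 0 && close(fd) == 0;
}
int main(void)
{
    if (install_keyring_block() != 0) return 2;
    return !(probe(__NR_request_key) == EPERM && probe(__NR_add_key) == EPERM && ipv4_socket_ok());
}
```

A seccomp filter is inherited across `fork` and `execve` and cannot be removed, so it has to be installed before the wrapped process starts.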

