Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Major Linux distributions are rolling out fixes for Dirty Frag, the Linux kernel patch release that covers CVE-2026-43284 and CVE-2026-43500. The update matters because the chained flaws can enable local privilege escalation and lead to root privileges on vulnerable systems.

Related Happenings

Progress LoadMaster CVE-2026-8037 patch release

Security Patch Release
H score52 First: 30.06.2026 10:38 Last: 30.06.2026 10:38 Sources 1

About this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...

Linux kernel maintainers security patch release for CVE-2026-43503

Security Patch Release
H score34 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...

Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910

Security Patch Release
H score53 First: 24.06.2026 20:19 Last: 24.06.2026 20:19 Sources 1

About this happening: Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score46 First: 17.06.2026 13:09 Last: 17.06.2026 13:09 Sources 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

Fortinet security patch release for CVE-2026-39813

Security Patch Release
H score41 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...

Timeline

  1. 11.05.2026 17:30 1 articles · 1mo ago

    Hyunwoo Kim notifies Linux kernel security team about Dirty Frag

    Initial Disclosure

    Hyunwoo Kim contacted the Linux kernel security team on April 30, 2026 about Dirty Frag, a Linux kernel local privilege escalation flaw that could let a local attacker gain root privileges on vulnerable Linux distributions.

    Show sources
  2. 11.05.2026 17:30 2 articles · 1mo ago

    Dirty Frag is publicly released and Linux distributions start patching

    Mitigation Patch Update

    On May 8, 2026, the disclosure embargo for Dirty Frag broke, prompting Kim to publicly release the Dirty Frag document and a proof-of-concept exploit. The Linux kernel security team disclosed CVE-2026-43284 in xfrm-ESP (IPsec) and CVE-2026-43500 in RxRPC, Linux distribution maintainers began progressively releasing patches, Microsoft Defender Security Research Team reported limited in-the-wild activity involving 'su', and Wiz shared mitigation steps.

    Show sources