Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Linux distros patch release for Fragnasia (CVE-2026-46300)

Security Patch Release
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Linux distros are rolling out patches for CVE-2026-46300, a high-severity kernel flaw that can let unprivileged local attackers gain root on vulnerable Linux systems. The update campaign centers on Fragnasia, which affects the Linux XFRM ESP-in-TCP subsystem and needs prompt remediation. Systems that cannot patch immediately are being directed to a Dirty Frag-style mitigation that disables vulnerable kernel modules.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Open Happening

Cisco security patch release for CVE-2026-20182

Security Patch Release
First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

Open Happening

F5 security patch release for CVE-2026-42945

Security Patch Release
First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

About this happening: F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...

Latest development: 17.05.2026 14:57

VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.

Open Happening

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

Open Happening

CPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Open Happening

Timeline

  1. 14.05.2026 10:34 2 articles · 13d ago

    Linux distros roll out Fragnasia patches

    Mitigation Patch Update

    Linux distributions are shipping patches for CVE-2026-46300 (Fragnasia), a high-severity Linux kernel privilege-escalation flaw in the Linux XFRM ESP-in-TCP subsystem that lets unprivileged local attackers write arbitrary bytes into the kernel page cache of read-only files and gain root on vulnerable Linux systems. Administrators who cannot patch immediately are advised to disable esp4, esp6, and rxrpc as a temporary mitigation, with the warning that the workaround can break AFS distributed network file systems and IPsec VPNs.

    Show sources
    Open in new tab