Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux distros patch release for Fragnasia (CVE-2026-46300)

Security Patch Release
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Linux distros are rolling out patches for CVE-2026-46300, a high-severity kernel flaw that can let unprivileged local attackers gain root on vulnerable Linux systems. The update campaign centers on Fragnasia, which affects the Linux XFRM ESP-in-TCP subsystem and needs prompt remediation. Systems that cannot patch immediately are being directed to a Dirty Frag-style mitigation that disables vulnerable kernel modules.

Related Happenings

Linux kernel maintainers security patch release for CVE-2026-43503

Security Patch Release
H score34 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Cisco security patch release for CVE-2026-20182

Security Patch Release
H score60 First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

F5 security patch release for CVE-2026-42945

Security Patch Release
H score25 First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

About this happening: F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...

Latest development: 17.05.2026 14:57

VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.

Timeline

  1. 14.05.2026 10:34 2 articles · 1mo ago

    Linux distros roll out Fragnasia patches

    Mitigation Patch Update

    Linux distributions are shipping patches for CVE-2026-46300 (Fragnasia), a high-severity Linux kernel privilege-escalation flaw in the Linux XFRM ESP-in-TCP subsystem that lets unprivileged local attackers write arbitrary bytes into the kernel page cache of read-only files and gain root on vulnerable Linux systems. Administrators who cannot patch immediately are advised to disable esp4, esp6, and rxrpc as a temporary mitigation, with the warning that the workaround can break AFS distributed network file systems and IPsec VPNs.

    Show sources