Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
Summary
Hide ▲
Show ▼
Fragnesia adds a fresh Linux kernel local privilege-escalation path, putting unprivileged local attackers on a route to root access across major distributions. The flaw is tracked as CVE-2026-46300 and sits in the kernel's XFRM ESP-in-TCP subsystem, where it enables deterministic page-cache corruption. Multiple vendors have issued advisories, a patch is available, and a proof-of-concept exploit has already been released. No in-the-wild exploitation has been observed yet, but the bug's read-only file tampering and privilege-escalation impact make it urgent for exposed Linux systems.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
H score23
First: 03.07.2026 22:40
Last: 03.07.2026 22:40
Sources 1
About this happening:
**Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
VulnerabilityAbout this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector Action
H score46
First: 26.06.2026 15:31
Last: 26.06.2026 15:31
Sources 1
About this happening:
CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector ActionAbout this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
Timeline
-
14.05.2026 16:00 2 articles · 1mo ago
Fragnesia disclosed with public PoC
Initial DisclosureCloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Show sources
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00
-
14.05.2026 16:00 1 articles · 1mo ago
Candidate fix and interim defenses emerge
Mitigation Patch UpdateA candidate upstream fix for Fragnesia was submitted to the netdev mailing list on May 13, 2026, while mainline Linux had not yet merged the patch. Several Linux distributions began shipping backported fixes, and administrators who had disabled esp4, esp6, and rxrpc as a Dirty Frag workaround were also covered against Fragnesia until patched kernels were available.
Show sources
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00
-
14.05.2026 10:06 2 articles · 1mo ago
Fragnesia CVE-2026-46300 disclosure and patch guidance
Initial DisclosureFragnesia is disclosed as a new Linux kernel local privilege escalation vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, in the XFRM ESP-in-TCP subsystem. Researchers say unprivileged local attackers can modify read-only file contents in the kernel page cache and gain root privileges, while vendors including AlmaLinux, Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu have issued advisories and a patch is available alongside Dirty Frag-style mitigations.
Show sources
- New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption — thehackernews.com — 14.05.2026 10:06
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00
-
14.05.2026 10:06 2 articles · 1mo ago
Fragnesia CVE-2026-46300 disclosure and patch guidance
Initial DisclosureFragnesia is disclosed as a new Linux kernel local privilege escalation vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, in the XFRM ESP-in-TCP subsystem. Researchers say unprivileged local attackers can modify read-only file contents in the kernel page cache and gain root privileges, while vendors including AlmaLinux, Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu have issued advisories and a patch is available alongside Dirty Frag-style mitigations.
Show sources
- New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption — thehackernews.com — 14.05.2026 10:06
- New Fragnesia Flaw Hands Linux Local Users Root Access — www.infosecurity-magazine.com — 14.05.2026 16:00