Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First reported
Last updated
Happening score
H score 35
2 unique sources, 2 articles

Summary

Hide ▲

Fragnesia adds a fresh Linux kernel local privilege-escalation path, putting unprivileged local attackers on a route to root access across major distributions. The flaw is tracked as CVE-2026-46300 and sits in the kernel's XFRM ESP-in-TCP subsystem, where it enables deterministic page-cache corruption. Multiple vendors have issued advisories, a patch is available, and a proof-of-concept exploit has already been released. No in-the-wild exploitation has been observed yet, but the bug's read-only file tampering and privilege-escalation impact make it urgent for exposed Linux systems.

Related Happenings

Linux kernel GhostLock root privilege escalation (CVE-2026-43499)

Vulnerability
H score28 First: 08.07.2026 09:16 Last: 08.07.2026 09:16 Sources 1

About this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
H score23 First: 03.07.2026 22:40 Last: 03.07.2026 22:40 Sources 1

About this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)

Advisory/Mitigation
H score38 First: 16.06.2026 08:41 Last: 16.06.2026 08:41 Sources 1

About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...

Timeline

  1. 14.05.2026 16:00 2 articles · 1mo ago

    Fragnesia disclosed with public PoC

    Initial Disclosure

    Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

    Show sources
  2. 14.05.2026 16:00 1 articles · 1mo ago

    Candidate fix and interim defenses emerge

    Mitigation Patch Update

    A candidate upstream fix for Fragnesia was submitted to the netdev mailing list on May 13, 2026, while mainline Linux had not yet merged the patch. Several Linux distributions began shipping backported fixes, and administrators who had disabled esp4, esp6, and rxrpc as a Dirty Frag workaround were also covered against Fragnesia until patched kernels were available.

    Show sources
  3. 14.05.2026 10:06 2 articles · 1mo ago

    Fragnesia CVE-2026-46300 disclosure and patch guidance

    Initial Disclosure

    Fragnesia is disclosed as a new Linux kernel local privilege escalation vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, in the XFRM ESP-in-TCP subsystem. Researchers say unprivileged local attackers can modify read-only file contents in the kernel page cache and gain root privileges, while vendors including AlmaLinux, Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu have issued advisories and a patch is available alongside Dirty Frag-style mitigations.

    Show sources
  4. 14.05.2026 10:06 2 articles · 1mo ago

    Fragnesia CVE-2026-46300 disclosure and patch guidance

    Initial Disclosure

    Fragnesia is disclosed as a new Linux kernel local privilege escalation vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, in the XFRM ESP-in-TCP subsystem. Researchers say unprivileged local attackers can modify read-only file contents in the kernel page cache and gain root privileges, while vendors including AlmaLinux, Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu have issued advisories and a patch is available alongside Dirty Frag-style mitigations.

    Show sources