Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel improper privilege management flaw (CVE-2026-46333)

Vulnerability
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

A Linux kernel privilege-management flaw, CVE-2026-46333, can let unprivileged local users on Debian, Fedora, and Ubuntu disclose /etc/shadow and SSH host keys or execute commands as root. The issue was introduced in November 2016 and carries a CVSS score of 5.5. A public PoC released last week raises the urgency for systems that have not yet applied the kernel update or temporary hardening.

Related Happenings

NHS England Digital libssh2 update advisory for CVE-2026-55200

Advisory/Mitigation
H score38 First: 29.06.2026 10:06 Last: 29.06.2026 10:06 Sources 1

About this happening: **NHS England Digital** has issued an **update advisory** for **libssh2** after a public proof-of-concept surfaced for **CVE-2026-55200**. The flaw can let a **malicious or compro...

Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw

Vulnerability
H score31 First: 30.05.2026 17:16 Last: 30.05.2026 17:16 Sources 1

About this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...

Latest development: 01.06.2026 14:19

Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.

Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)

Vulnerability
H score15 First: 20.05.2026 13:52 Last: 20.05.2026 13:52 Sources 1

About this happening: **PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...

Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)

Vulnerability
H score41 First: 18.05.2026 10:18 Last: 18.05.2026 10:18 Sources 1

About this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...

Linux kernel Dirty Frag local root escalation privilege-escalation flaw

Vulnerability
H score30 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...

Timeline

  1. 21.05.2026 10:35 2 articles · 1mo ago

    Linux kernel improper privilege management flaw (CVE-2026-46333)

    Initial Disclosure

    The flaw was introduced in **November 2016** and later confirmed as **CVE-2026-46333** in the **Linux kernel**. Early proof-of-concept testing showed that local access could be turned into root-level compromise or sensitive-file disclosure.

    Show sources