VulnHub

Real-time Cybersecurity News

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

The Hacker News
LinuxCVEExploitVulnerabilityPrivilege Escalation

Overview

A new variant of a local privilege escalation vulnerability in the Linux kernel, named Fragnesia, has been identified. This vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, allows local attackers to gain root access through page cache corruption. This marks the third such vulnerability discovered in the Linux kernel within just two weeks, raising concerns for users and administrators. The flaw is rooted in the kernel's XFRM component, which is responsible for managing IPsec protocols. This means that systems using affected kernel versions could be at risk if not addressed promptly, as attackers could exploit this vulnerability to gain elevated privileges and potentially take control of vulnerable systems.

Key Takeaways

  • Affected Systems: Linux kernel versions affected by the XFRM component, specifically those vulnerable to local privilege escalation.
  • Action Required: System administrators are advised to update their Linux kernel to the latest version that addresses this vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM

Impact

Linux kernel versions affected by the XFRM component, specifically those vulnerable to local privilege escalation.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

System administrators are advised to update their Linux kernel to the latest version that addresses this vulnerability. Specific patch details were not provided, but users should monitor official Linux distribution channels for updates.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, CVE, Exploit, and 2 more.

Read Original Article

Related Coverage

China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

Hackread – Cybersecurity News, Data Breaches, AI and More

A recent report from Darktrace reveals that a group of Chinese hackers, known as Twill Typhoon, is using counterfeit websites mimicking Apple and Yahoo to conduct espionage. These fake sites are designed to lure unsuspecting users into providing sensitive information, which the attackers can then leverage for spying on various organizations. The hackers are utilizing a malware framework called FDMTP, which further aids their operations. This tactic poses a significant risk to individuals and companies who may mistakenly trust these fraudulent sites, potentially leading to data breaches and compromised security. Organizations are urged to remain vigilant and educate their employees about the dangers of phishing and counterfeit websites.

May 14, 2026

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

SecurityWeek

Hackers began exploiting a newly discovered vulnerability in PraisonAI within hours of its public disclosure. This flaw allows attackers to bypass authentication measures, potentially granting unauthorized access to sensitive data. The rapid response from malicious actors indicates a high level of interest in exploiting this weakness, which could affect numerous users and organizations relying on PraisonAI's services. Companies using this technology should take immediate steps to secure their systems to prevent unauthorized access and data breaches. The quick exploitation attempts serve as a reminder of the urgency in addressing newly disclosed vulnerabilities.

May 14, 2026

Most Organizations Now Use AI Agents for Sensitive Security Tasks

Infosecurity Magazine

A recent study by Semperis indicates that 74% of organizations are concerned that artificial intelligence (AI) will lead to more attacks on their identity infrastructure. As companies increasingly rely on AI agents for sensitive security tasks, there are growing worries about how these technologies might be exploited by attackers. The research suggests that while AI can enhance security measures, it also presents new vulnerabilities that cybercriminals may try to exploit. This trend raises important questions for businesses about how to balance the benefits of AI with the potential risks it introduces. Organizations will need to take proactive steps to secure their identity systems against these emerging threats.

May 14, 2026

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

Security Affairs

A Chinese-linked hacking group known as FamousSparrow has targeted an Azerbaijani oil and gas company in a series of espionage attacks. The group repeatedly exploited the same entry point for three separate intrusions between December 2025 and February 2026. These attacks are part of a broader campaign aimed at gathering intelligence from the energy sector, which is vital for Azerbaijan's economy. The repeated access indicates a level of persistence and sophistication in their approach, raising concerns about the security measures in place to protect critical infrastructure. This situation underscores the ongoing risks that state-sponsored actors pose to national energy resources and the need for enhanced cybersecurity protocols in the sector.

May 14, 2026

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days

SecurityWeek

A security researcher has disclosed two serious vulnerabilities in Windows, known as YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that allows unauthorized access to encrypted drives, but it requires physical access to the device. GreenPlasma, on the other hand, enables attackers to elevate their privileges to System level, potentially giving them full control over the affected system. These vulnerabilities pose a significant risk to users and organizations that rely on Windows for sensitive tasks. Companies should assess their physical security measures and apply necessary updates to protect against these risks.

May 14, 2026

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

The Hacker News

Researchers have identified multiple vulnerabilities in NGINX Plus and NGINX Open, including a severe flaw that has existed for 18 years. The most critical issue, a heap buffer overflow in the ngx_http_rewrite_module (CVE-2026-42945), could allow attackers to execute arbitrary code remotely without authentication. This vulnerability has a high severity score of 9.2 on the CVSS v4 scale. Organizations using these web servers are at risk, as the flaw could lead to significant security breaches. It is crucial for affected users to address this vulnerability promptly to safeguard their systems.

May 14, 2026