SecurityWeek reports a new Linux kernel vulnerability, Fragnesia, tracked as CVE-2026-46300. It resides in the kernel’s XFRM ESP-in-TCP subsystem and could allow a local attacker to escalate privileges to root by overwriting sensitive system files. A PoC exploit is available, and a majority of Linux distributions are affected as patches begin to roll out.
The flaw is described as similar to Dirty Frag. Microsoft’s threat intelligence team notes that Fragnesia exploits a memory write primitive in the kernel to corrupt the page cache of the /usr/bin/su binary, enabling a root shell, and that it could affect other files readable by the user, such as /etc/passwd. According to Microsoft, exploitation is not constrained to the su binary. Microsoft has urged organisations to apply patches as soon as possible. The piece was written by Eduard Kovacs and is dated 14 May 2026 (9:44 AM ET).