Linux is facing a serious security issue. A new vulnerability called Fragnasia, officially tracked as CVE-2026-46300, allows attackers to gain root access on systems. This flaw originates from a logic error in the Linux XFRM ESP-in-TCP subsystem. Unprivileged local users can exploit it to execute code as root by manipulating read-only files.
William Bowling, the head of assurance at Zellic, identified this vulnerability. He also shared a proof-of-concept exploit that shows how attackers can use it to modify the kernel’s memory. “Fragnasia belongs to the Dirty Frag vulnerability class,” he explained. It affects all Linux kernels released before May 13, 2026, and has a publicly available exploit.
This flaw works by combining two vulnerabilities: CVE-2026-43284 and CVE-2026-43500. By chaining them, attackers can change protected files in memory, leading to privilege escalation.
another day, another universal linux LPE https://t.co/GANYkAJwZS pic.twitter.com/XfzTsmg7kl
— V12 (@v12sec) May 13, 2026
Linux users must update their systems to protect against this threat. If an immediate patch is not possible, users can apply temporary fixes by removing specific kernel modules. However, this might cause issues with AFS distributed file systems and IPsec VPNs:
rmmod esp4 esp6 rxrpc
printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf
Interestingly, this is not the first time Linux has dealt with serious vulnerabilities. Recently, “Copy Fail,” another privilege escalation issue, has also been exploited. The Cybersecurity and Infrastructure Security Agency (CISA) urged federal agencies to secure their Linux systems quickly due to the increased risk it poses.
Cyber vulnerabilities like these are not uncommon. Experts note that they are often targeted by malicious actors. For instance, in April, Linux systems were patched for another flaw, Pack2TheRoot, that had gone undetected for years.
Staying updated is crucial. Recent statistics show that 81% of successful breaches take advantage of known vulnerabilities. Ensuring all systems are patched can help mitigate risks significantly. Visit the official CISA site for more information on known exploited vulnerabilities here.
