Back

Fragnesia Vulnerability Allows Root Access on Linux Systems

Severity: High (Score: 72.6)

Sources: Wiz, Theregister, Bleepingcomputer, access.redhat.com, Almalinux

Summary

A new Linux kernel vulnerability, named Fragnesia (CVE-2026-46300), has been disclosed, allowing unprivileged users to escalate privileges to root. Discovered by William Bowling of the V12 security team, this flaw exploits improper handling of shared page fragments in the XFRM ESP-in-TCP subsystem. The vulnerability is linked to the recently reported Dirty Frag and allows attackers to modify read-only files in memory without altering the original files on disk. Public proof-of-concept exploit code is available, making this a critical threat for all major Linux distributions, including AlmaLinux, Debian, and Ubuntu. Administrators are urged to patch affected systems or disable vulnerable modules immediately. The flaw poses a significant risk in multi-tenant environments where untrusted users may gain shell access. Current patched kernels are available in testing repositories, but full production patches are pending. Key Points: • Fragnesia (CVE-2026-46300) allows unprivileged users to gain root access on Linux systems. • Public exploit code is available, increasing the urgency for administrators to apply patches. • The vulnerability affects all major Linux distributions, including AlmaLinux and Debian.

Key Entities

  • Privilege Escalation (attack_type)
  • Zero-day Exploit (attack_type)
  • Alma Linux (company)
  • CloudLinux (company)
  • Debian (company)
  • Fedora (company)
  • Microsoft (company)
  • AlmaLinux (platform)
  • Amazon Linux (platform)
  • Gentoo (platform)
  • Red Hat Enterprise Linux (platform)
  • CentOS Stream (platform)
  • CVE-2026-43284 (cve)
  • CVE-2026-43500 (cve)
  • CVE-2026-46300 (cve)
  • CWE-269 - Improper Privilege Management (cwe)
  • bugs.almalinux.org (domain)
  • tools.at (domain)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Copy Fail (vulnerability)
  • Dirty Cow (vulnerability)
  • Dirty Frag (vulnerability)
  • DirtyFrag (vulnerability)
  • Fragnasia (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed