CVE-2026-46300
EPSS 0.3%Public PoC, distro advisories, defender triage active; KEV-listing pending metadata.
What: Linux kernel privilege escalation in XFRM ESP-in-TCP subsystem (CVE-2026-46300, "Fragnesia") allowing unprivileged attackers to gain root via AES-GCM keystream manipulation.
Why it matters: Multiple major Linux distros have issued advisories; public PoC exists; described as third LPE in ~2 weeks. High-confidence technical signal: arbitrary byte writes into page cache of privileged binaries (e.g., /usr/bin/su). Defenders are actively recommending module blacklisting as immediate mitigation.
Where it's seen: Security media (HackersNews, Borncity), DFIR/defender accounts triaging, distro advisory circulation. Posts cite concrete attack surface (XFRM, IPsec) and exploitation mechanics.
RISK: CRITICAL — Unauthenticated local root escalation with public PoC; distro patches confirmed.
No NVD details ingested for this CVE yet.