As I was saying, we're not done with page cache LPEs.

Looks like a third variant just dropped (CVE-2026-46300):
https://github.com/v12-security/pocs/tree/main/fragnesia
https://github.com/v12-security/pocs/blob/d4043edc2acbd75d093e3f5795751b678c66b259/fragnesia/fragnesia.c

https://www.openwall.com/lists/oss-security/2026/05/13/3

Initial reading is defense against #DirtyFrag mitigates this, too, so perhaps not a full round of updates needed here.

Linux LPE-Schwachstelle Fragnesia (CVE-2026-46300) - passt zum Feiertag

https://borncity.com/blog/2026/05/14/fragnesia-cve-2026-46300-neue-linux-schwachstelle-ermoeglicht-root-rechte/

Ich möchte anmerken: Es ist noch nicht Freitag! #Fragnesia

https://security-tracker.debian.org/tracker/CVE-2026-46300

⚠️ New Linux kernel vulnerability Fragnasia (CVE-2026-46300) allows local attackers to escalate privileges to root via a logic bug in the XFRM ESP-in-TCP subsystem.

All kernels before May 13, 2026 are affected.

Open-source security relies on community vigilance. Stay safe, patch early, and share this widely.

🌐 further info: https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/

#linux #security #exploit

Apparently yet another one of those #DirtyFrag-like vulnerabilities in #Linux, this one called #Fragnesia

CVE-2026-46300

https://www.openwall.com/lists/oss-security/2026/05/13/3

#CopyFail

et voilà il a reçu son nom de code CVE-2026-46300

"New Fragnesia Linux flaw lets attackers gain root privileges"

"[...] Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root."

https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/

#Linux

CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the linux kernel LPEs is "not great" as we say in the industry.

https://depthfirst.com/nginx-rift

#CVE_2026_42945

CVE-2026-42945: Possible RCE in NGINX:

https://depthfirst.com/nginx-rift

Requires a specific regex based rewrite directive like

rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last;

https://my.f5.com/manage/s/article/K000161019

(Of course also found & published by some AI platform. At least they told F5 first.)

And there's a bunch of other vulns in nginx that just dropped, but good luck keeping track if the list of security advisories contains no dates:

https://nginx.org/en/security_advisories.html

RE: https://infosec.exchange/@cR0w/116568840324508660

Plenty of prerequisites but worth looking into.

https://my.f5.com/manage/s/article/K000161019

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. (CVE-2026-42945)

#Nginx CVE-2026-42945

A bug in the ngx_http_rewrite_module lets a remote, unauthenticated attacker corrupt the heap of an NGINX worker process by sending crafted URI. The trigger is a common configuration pattern: a rewrite directive with an unnamed regex capture ($1, $2) and a replacement string that contains a question mark, followed by another rewrite, if, or set directive.

https://depthfirst.com/nginx-rift

NGINX Rift – CVE-2026-42945 : cette faille critique vieille de 18 ans menace vos serveurs Web https://www.it-connect.fr/nginx-rift-cve-2026-42945-cette-faille-critique-de-18-ans-menace-vos-serveurs-web/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Nginx

Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls
#CyberSecurity
https://securebulletin.com/critical-palo-alto-pan-os-vulnerability-cve-2026-0300-actively-exploited-unauthenticated-root-rce-on-firewalls/

Wieder Zero-Day Angriffe gegen Palo Alto Firewall

Und täglich grüßt das Murmeltier. Wieder ein amerikanischer Hersteller von proprietärer Netzwerktechnik, dessen Zero-Day "Sicherheitslücke" (Hintertür) von wahrscheinlich staatlich unterstützten Hackern angegriffen wird. Der Netzwerk-Ausrüster Palo Alto ist und ja schon öfter begegnet. Die CISA hat die Lücke CVE-2026-0300 bereits in den KEV Katalog aufgenommen. Normalerweise bedeutet das eine Anweisung an die Behörden, Updates gegen die betreffende Lücke innerhalb kürzester Frist einzuspielen. Nur dass im vorliegenden

https://www.pc-fluesterer.info/wordpress/2026/05/14/wieder-zero-day-angriffe-gegen-palo-alto-firewall/

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

https://captechgroup.com/about-us/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=may-2026-patch-tuesday-fixes-51-cves-across-windows-exchange-office

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 https://cyber.netsecops.io

Two recent #Linux kernel vulnerabilities have been disclosed:
➡️ Copy Fail (CVE-2026-31431)
➡️ Dirty Frag (CVE-2026-43284 & CVE-2026-43500)

Both vulnerabilities exploit flaws in the page cache via different subsystems, necessitating immediate patching by affected organizations.

More details on #InfoQ ➡️ https://bit.ly/4dHOx47

#DevOps #SecurityVulnerabilities

RE: https://infosec.exchange/@cR0w/116561921535290325

https://security.paloaltonetworks.com/CVE-2026-0263

This issue requires IKEv2 VPN tunnels that is configured with Post Quantum Cryptography (PQC).

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

https://captechgroup.com/about-us/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=may-2026-patch-tuesday-fixes-51-cves-across-windows-exchange-office

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 https://cyber.netsecops.io

Palo Alto Auth Bypass
#threatintel #cve
https://security.paloaltonetworks.com/CVE-2026-0265

Wazuh – CVE-2026-30893 : un patch est disponible pour cette faille critique https://www.it-connect.fr/wazuh-cve-2026-30893-un-patch-est-disponible-pour-cette-faille-critique/ #ActuCybersécurité #Cybersécurité #Vulnérabilité