New Fragnesia Linux Vulnerability Exposes Root Access to Hackers
Linux Flaw Enables Root Access Through Exploitation of Page Cache Memory
A recent Linux vulnerability, designated as CVE-2026-46300 and referred to as Fragnesia, allows unauthorized attackers to elevate their privileges to root level on affected systems.
According to William Bowling, Head of Assurance at Zellic, the Fragnesia vulnerability falls under the category of Dirty Frag vulnerabilities, previously disclosed last week.
This particular flaw affects all Linux kernels released prior to May 13, 2026. A proof-of-concept exploit demonstrating the vulnerability has been made public, enabling attackers to execute malicious code as root.
Mitigation Strategies
-
Promptly installing kernel updates for specific environments is recommended.
-
For those unable to implement immediate patching, removing vulnerable kernel modules using the same strategy employed for Dirty Frag may be an option.
-
However, this approach may cause issues with certain applications, such as AFS distributed network file systems and IPsec VPNs, due to the removal of the esp4, esp6, and rxrpc modules.
Related News
-
The US Cybersecurity and Infrastructure Security Agency (CISA) has added Copy Fail to its list of exploited flaws and mandated federal agencies to secure their Linux systems within a two-week timeframe, by May 15.
-
Additionally, Linux distributions have already patched a root-privilege escalation vulnerability known as Pack2TheRoot in the PackageKit daemon, which had gone undetected for over a decade.
About Author
English