
Volume 338, Issue 2 · IT Vendor News · Tenable

CVE-2026-46300 (Fragnesia): Linux Kernel XFRM ESP-in-TCP LPE FAQ

Tenable, Thursday, May 14th, 2026

Fragnesia is a new Linux kernel local privilege escalation vulnerability affecting the XFRM ESP-in-TCP subsystem. A public PoC is available, and a separate patch is required.

CVE-2026-46300 (Fragnesia) is a high-severity local privilege escalation vulnerability in the Linux kernel's XFRM ESP-in-TCP subsystem, disclosed on May 13, 2026, by William Bowling of V12 Security. The vulnerability allows any local user to gain root access: the kernel fails to propagate shared fragment flags during socket buffer coalescing, which enables unauthorized page-cache writes.

Fragnesia is related to Dirty Frag but requires a separate kernel patch, released on May 13. Existing Dirty Frag module blacklist mitigations protect against both vulnerabilities. A public proof-of-concept is available and has been confirmed working on Ubuntu systems; no in-the-wild exploitation has been reported as of the disclosure date.
