top of page
ALL POSTS
Critical One-Character Linux Kernel Vulnerability Enables Local Root Access with Public Exploits Available
Key Findings A single inverted character in Linux kernel nf_tables code allows unprivileged local users to escalate to root via use-after-free vulnerability CVE-2026-23111 Upstream patch released February 5, 2026; working exploits published April 16 and June 8, 2026 Requires existing local foothold plus nf_tables and unprivileged user namespaces, both enabled by default on most systems CVSS rating 7.8 (high); no remote vector or known active exploitation Demonstrated on Debia
Jun 93 min read
New Fragnesia Linux Kernel LPE Vulnerability Grants Root Access Through Page Cache Corruption
Key Findings CVE-2026-46300 (Fragnesia) is a new Linux kernel LPE vulnerability with CVSS score 7.8 that grants unprivileged attackers root access via page cache corruption The flaw exists in the XFRM ESP-in-TCP subsystem and was discovered by William Bowling of the V12 security team Unlike the related Dirty Frag vulnerability, Fragnesia requires no host-level privileges for exploitation This is the third major Linux kernel LPE discovered in two weeks, following Copy Fail and
May 143 min read
PAN-OS RCE Exploit Actively Exploited for Root Access and Surveillance Operations
Key Findings CVE-2026-0300, a critical buffer overflow in PAN-OS User-ID Authentication Portal, is under active exploitation by suspected state-sponsored actors Unsuccessful exploitation attempts began April 9, 2026, with successful remote code execution achieved a week later Attackers achieved root-level access and injected shellcode into nginx worker processes Post-exploitation activities included Active Directory enumeration and deployment of EarthWorm and ReverseSocks5 to
May 83 min read
CISA Adds Actively Exploited Linux Root Access Vulnerability to Known Exploited Vulnerabilities Catalog
Key Findings CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild The Linux kernel flaw allows unprivileged local users to gain root-level access through a 732-byte Python exploit Nine-year-old vulnerability resulted from three separate kernel changes made in 2011, 2015, and 2017 that individually seemed harmless Patches available in Linux kernel versions 6.18.22, 6.19.12, and 7.0 Federal agencies must apply fixe
May 32 min read
Copy Fail: New Linux Bug Enables Root Access via Page-Cache Corruption
Key Findings CVE-2026-31431 ("Copy Fail") allows any unprivileged local user to write 4 controlled bytes into the page cache of readable files A 732-byte Python script can modify setuid binaries in memory and escalate privileges to root The vulnerability affects all major Linux distributions (Ubuntu, RHEL, SUSE, Amazon Linux) with kernels built between 2017 and the patch date Exploits are race-free, stealthy, and can cross container boundaries due to shared page cache CVSS sc
May 13 min read
Critical Linux "Copy Fail" Vulnerability Grants Root Access Across Major Distributions
Key Findings CVE-2026-31431 (Copy Fail) is a 9-year-old Linux kernel vulnerability enabling unprivileged users to gain root access A 732-byte Python script can exploit the flaw to modify setuid binaries in memory and achieve root privileges The vulnerability affects all major Linux distributions since 2017, including Ubuntu, RHEL, Amazon Linux, SUSE, and Debian Exploitation is reliable and portable across distributions with no race conditions required The flaw exists in the a
Apr 303 min read
SolarWinds Serv-U Critical Vulnerabilities Patched, Enabling Root Access
Key Findings SolarWinds has patched four critical vulnerabilities in its Serv-U file transfer server software The flaws could allow remote code execution and give attackers full root access on unpatched systems The vulnerabilities include: CVE-2025-40538: Broken access control flaw allowing creation of admin user and arbitrary code execution as root CVE-2025-40539 and CVE-2025-40540: Type confusion vulnerabilities enabling arbitrary native code execution as root CVE-2025-4054
Feb 252 min read
bottom of page
