CVE-2026-46300 (Fragnesia): Frequently Asked Questions About New Linux Kernel Privilege Escalation
On May 13, researcher William Bowling of V12 Security disclosed Fragnesia (CVE-2026-46300), a new local privilege escalation vulnerability in the Linux kernel's XFRM ESP-in-TCP subsystem. The exploit works deterministically without a race condition and has a public proof-of-concept. Systems patched for the related Dirty Frag vulnerabilities remain vulnerable to Fragnesia without an additional kernel patch.
| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2026-46300 | Linux Kernel XFRM ESP-in-TCP Local Privilege Escalation Vulnerability | 7.8 |
The module blacklist mitigation used for Dirty Frag (blacklisting esp4/esp6/rxrpc) is effective against both vulnerabilities. Organizations that applied only the Dirty Frag kernel patches need to apply the new patch released May 13.
For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.
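A host-side check for the esp4/esp6/rxrpc module blacklist mitigation mentioned above, as an added example that is not part of the original post. It assumes the blacklist lives in a single modprobe.d directory (default /etc/modprobe.d); the function names and the sample host state are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the esp4/esp6/rxrpc blacklist mitigation on one host.
# Assumption: only one modprobe.d directory is read (default /etc/modprobe.d).

# module_status MODULE CONF_DIR PROC_MODULES
# Prints one of: loaded | blocked | blacklist-only | unmitigated
module_status() {
    mod=$1 conf_dir=$2 proc_modules=$3
    # A module that is already loaded stays loaded whatever modprobe.d says.
    if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' "$proc_modules"; then
        echo loaded; return
    fi
    conf=$(cat "$conf_dir"/*.conf 2>/dev/null || true)
    # "install <mod> /bin/false" also stops an explicit modprobe of the module.
    if printf '%s\n' "$conf" | awk -v m="$mod" \
        '$1 == "install" && $2 == m && $3 ~ "/(false|true)$" { f = 1 } END { exit !f }'; then
        echo blocked; return
    fi
    # "blacklist <mod>" stops alias-based autoloading only.
    if printf '%s\n' "$conf" | awk -v m="$mod" \
        '$1 == "blacklist" && $2 == m { f = 1 } END { exit !f }'; then
        echo blacklist-only; return
    fi
    echo unmitigated
}

# audit_mitigation [CONF_DIR] [PROC_MODULES]
# Prints one line per module; returns 1 if any is loaded or unmitigated.
audit_mitigation() {
    dir=${1:-/etc/modprobe.d} pm=${2:-/proc/modules} rc=0
    for m in esp4 esp6 rxrpc; do
        s=$(module_status "$m" "$dir" "$pm")
        echo "$m: $s"
        case $s in loaded|unmitigated) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample host state (not taken from a real system):
# rxrpc is commented out of the blacklist and is already loaded.
demo=$(mktemp -d)
printf 'blacklist esp4\ninstall esp6 /bin/false\n# blacklist rxrpc\n' \
    > "$demo/fragnesia.conf"
printf 'rxrpc 172032 0 - Live 0x0000000000000000\n' > "$demo/proc_modules"
audit_mitigation "$demo" "$demo/proc_modules" || echo "mitigation incomplete"
rm -rf "$demo"
```

On a real host, run `audit_mitigation` with no arguments; a `loaded` result means the module has to be unloaded or the host rebooted before the blacklist takes effect for it.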