CVE-2026-46300 (Fragnesia): Frequently Asked Questions About New Linux Kernel Privilege Escalation
On May 13, researcher William Bowling of V12 Security disclosed Fragnesia (CVE-2026-46300), a new local privilege escalation vulnerability in the Linux kernel's XFRM ESP-in-TCP subsystem. The exploit works deterministically without a race condition and has a public proof-of-concept. Systems patched for the related Dirty Frag vulnerabilities remain vulnerable to Fragnesia without an additional kernel patch. CVE Description CVSSv3 CVE-2026-46300 Linux Kernel XFRM ESP-in-TCP Local Privilege Escalation Vulnerability 7.8 The module blacklist mitigation used for Dirty Frag (blacklisting esp4/esp6/rxrpc) is effective against both vulnerabilities. Organizations that applied only the Dirty Frag kernel patches need to apply the new patch released May 13. For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.React2Shell: FAQ about React Server Components Vulnerability (CVE-2025-55182)
On December 3, the React Team published a blog post regarding a critical, maximum severity (CVSS 10) vulnerability affecting React Server Components. CVE Description CVSSv3 CVE-2025-55182 React Server Components Remote Code Execution Vulnerability 10.0 The flaw, which is an unsafe deserialization vulnerability, has been named “React2Shell” by researchers, a nod to the Log4Shell vulnerability. Additionally, the Next.js team published its own security advisory for CVE-2025-66478, a separate CVE to track the impact of CVE-2025-55182. However, the National Vulnerability Database (NVD) rejected it as a duplicate. For more information about React2Shell, including the availability of patches and Tenable product coverage, please visit our blog.Oracle E-Business Suite Zero-Day Exploited by Cl0p Ransomware Group (CVE-2025-61882)
On October 4, Oracle published a Security Alert Advisory for a zero-day in its E-Business Suite (EBS) solution: CVE Description CVSSv3 CVE-2025-61882 Oracle Concurrent Processing Remote Code Execution Vulnerability 9.8 This vulnerability was reportedly exploited in the wild by the Cl0p ransomware group. It followed earlier reports of extortion emails being sent to EBS customers by the Cl0p ransomware group. Initially, Oracle indicated that attacks used flaws in Oracle’s July 2025 CPU release. For more information about this zero-day vulnerability and associated vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)
On September 25, Cisco published three advisories for three zero-day vulnerabilities in its Cisco Adaptive Security Appliance (ASA) Software and Firewall Threat Defense (FTD) Software: CVE Description CVSSv3 Exploited CVE-2025-20333 Cisco ASA and FTD Software VPN Web Server Remote Code Execution Vulnerability (RCE) 9.9 Yes CVE-2025-20362 Cisco ASA and FTD Software VPN Web Server Unauthorized Access Vulnerability 6.5 Yes CVE-2025-20363 Cisco ASA and FTD Software, IOS Software, IOS XE Software, and IOS XR Software Web Services 9.0 No According to Cisco, two of the three zero-day vulnerabilities were exploited in the wild by the same threat actor behind 2024's ArcaneDoor campaign that also involved the exploitation of flaws in Cisco devices. For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.
