
CVE-2026-46300

Published: May 23, 2026 · Updated: May 26, 2026

CVSS v3.1: 7.8
EPSS: 0.05% probability of exploitation in 30 days (percentile: 16.8th)

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net: skbuff: preserve shared-frag marker during coalescing

skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost.

That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags.

Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

NVD Source
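
The invariant in the description above, as a small user-space model. This is an added illustration, not code from the kernel patch or from NVD: the struct, the helper functions, the flag value and the sample skbs are constructed, and only the kernel names mentioned in the comments come from the description.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model, not kernel code: the struct, helpers and flag value are
 * constructed; the kernel functions they stand in for are named in comments. */
#define SKBFL_SHARED_FRAG 0x2u

struct model_skb {
    unsigned int flags;  /* stands in for skb_shinfo(skb)->flags */
    int nr_frags;        /* paged frag descriptors held */
    int tailroom;        /* free bytes in the linear area */
    int len;             /* payload bytes carried */
    bool shared_pages;   /* ground truth the marker is meant to track */
};

/* Idea of skb_has_shared_frag(): nonlinear and marked. */
static bool has_shared_frag(const struct model_skb *s)
{
    return s->nr_frags > 0 && (s->flags & SKBFL_SHARED_FRAG) != 0;
}

/* Idea of skb_try_coalesce(); propagate=false is the pre-fix behaviour. */
static void coalesce(struct model_skb *to, const struct model_skb *from, bool propagate)
{
    if (from->len <= to->tailroom) {   /* tailroom copy path: bytes only */
        to->tailroom -= from->len;
        return;
    }
    to->nr_frags += from->nr_frags;    /* frag descriptors move into @to */
    to->shared_pages = to->shared_pages || from->shared_pages;
    if (propagate)
        to->flags |= from->flags & SKBFL_SHARED_FRAG;
}

/* True when ESP input would skip skb_cow_data() over shared pages. */
static bool writes_over_shared_pages(bool propagate, int tailroom)
{
    struct model_skb to = { .nr_frags = 1, .tailroom = tailroom };
    struct model_skb from = { .flags = SKBFL_SHARED_FRAG, .nr_frags = 2,
                              .len = 64, .shared_pages = true };
    coalesce(&to, &from, propagate);   /* @to is uncloned and nonlinear */
    return !has_shared_frag(&to) && to.shared_pages;
}

int main(void)
{
    printf("pre-fix=%d fixed=%d copy-path=%d\n", writes_over_shared_pages(false, 0),
           writes_over_shared_pages(true, 0), writes_over_shared_pages(false, 128));
    return 0;
}
```

The copy-path case stays safe without the marker because no shared frag descriptors ever reach the destination skb, which matches the last paragraph of the description.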

Technical Analysis

CVE-2026-46300 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in a complete confidentiality breach (data exposure), full integrity compromise (data manipulation), and availability disruption (denial of service), for a CVSS base score of 7.8.

A proof-of-concept (PoC) exploit exists for CVE-2026-46300. While not yet confirmed in active campaigns, the availability of PoC code increases exploitation risk substantially.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Impact
Confidentiality: High
Integrity: High
Availability: High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux: 1 product
linux kernel
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

PoC available: proof-of-concept code exists.
Always verify in a controlled environment before use.

Official Patches & Advisories

News & Research Mentioning CVE-2026-46300

Impact of Linux Kernel vulnerabilities on B&R products
CISA Alerts · Jun 23, 2026

B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected: Linux for B&R /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true Impact assessment: Disabling the algif_aead module removes the AEAD socket interface f

New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
SecurityWeek · May 14, 2026

The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail.

New Fragnesia Linux flaw lets attackers gain root privileges
BleepingComputer · May 14, 2026

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnesia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
The Hacker News · May 14, 2026

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM

All References (12)

Quick Facts

CVE ID: CVE-2026-46300
CVSS Score: 7.8 / 10
Severity: HIGH
CISA KEV: No
Exploit: PoC
EPSS (30d): 0.05%
Affected: 1 vendor
Published: May 23, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46300 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.