Linux cgroup v1 release_agent container escape — re-enters CISA KEV 2026-06-02
cve · CVE-2022-0492
Coverage timeline
1
first 2026-06-03 → last 2026-06-03
Briefs
1
1 distinct
Sources cited
103
52 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-03CTI Daily Brief — 2026-06-03
Where this entity is cited
- deep_dive1
Source distribution
- attack.mitre.org15 (15%)
- thehackernews.com11 (11%)
- bleepingcomputer.com5 (5%)
- access.redhat.com3 (3%)
- helpnetsecurity.com3 (3%)
- microsoft.com3 (3%)
- rapid7.com3 (3%)
- unit42.paloaltonetworks.com3 (3%)
- other57 (55%)
External references
All cited sources (103)
- unit42.paloaltonetworks.comprimaryinlineUnit 42, 2022-03-07https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
- unit42.paloaltonetworks.comprimaryinlineUnit 42 primary research, 2026-05-06https://unit42.paloaltonetworks.com/captive-portal-zero-day/
- unit42.paloaltonetworks.comprimaryinlineUnit 42 — Copy Failhttps://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/
- access.redhat.cominlineRed Hat, CVE-2022-0492https://access.redhat.com/security/cve/cve-2022-0492
- access.redhat.cominlineRed Hat RHSB-2026-003https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
- access.redhat.cominlineRed Hat RHSB-2026-02https://access.redhat.com/security/vulnerabilities/RHSB-2026-02
- advisories.ncsc.nlinlineNCSC-NL NCSC-2026-0158, 2026-05-15https://advisories.ncsc.nl/advisory?id=NCSC-2026-0158
- almalinux.orginlineAlmaLinux bloghttps://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
- almalinux.orginlineAlmaLinux bloghttps://almalinux.org/blog/2026-05-07-dirty-frag/
- amd.cominlineAMD Product Security, 2026-05-12https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
- attack.mitre.orginlineMITRE ATT&CK T1611https://attack.mitre.org/techniques/T1611/
- attack.mitre.orginlineT1003 OS Credential Dumpinghttps://attack.mitre.org/techniques/T1003/
- attack.mitre.orginlineT1021.004 Remote Services: SSHhttps://attack.mitre.org/techniques/T1021/004/
- attack.mitre.orginlineT1055 Process Injectionhttps://attack.mitre.org/techniques/T1055/
- attack.mitre.orginlineT1068 Exploitation for Privilege Escalationhttps://attack.mitre.org/techniques/T1068/
- attack.mitre.orginlineT1070.002 Indicator Removal: Clear Linux or Mac System Logshttps://attack.mitre.org/techniques/T1070/002/
- attack.mitre.orginlineT1071 Application Layer Protocolhttps://attack.mitre.org/techniques/T1071/
- attack.mitre.orginlineT1098.004 Account Manipulation: SSH Authorized Keyshttps://attack.mitre.org/techniques/T1098/004/
- attack.mitre.orginlineT1190 Exploit Public-Facing Applicationhttps://attack.mitre.org/techniques/T1190/
- attack.mitre.orginline`T1485`https://attack.mitre.org/techniques/T1485/
- attack.mitre.orginlineT1496 Resource Hijackinghttps://attack.mitre.org/techniques/T1496/
- attack.mitre.orginlineT1505.003 Server Software Component: Web Shellhttps://attack.mitre.org/techniques/T1505/003/
- attack.mitre.orginlineT1548.001 Setuid and Setgid Abusehttps://attack.mitre.org/techniques/T1548/001/
- attack.mitre.orginlineT1562.001 Impair Defenses: Disable or Modify Toolshttps://attack.mitre.org/techniques/T1562/001/
- attack.mitre.orginlineT1572 Protocol Tunnelinghttps://attack.mitre.org/techniques/T1572/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-20https://www.bleepingcomputer.com/news/linux/exploit-released-for-new-pintheft-arch-linux-root-escalation-flaw/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-21https://www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
- bleepingcomputer.cominlineBleepingComputerhttps://www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/
- bleepingcomputer.cominlineBleepingComputer 2026-05-05https://www.bleepingcomputer.com/news/security/new-stealthy-quasar-linux-malware-targets-software-developers/
- bleepingcomputer.cominlineBleepingComputer, 2026-05-15https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
- blog.qualys.cominlineLooney Tunables (CVE-2023-4911)https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibc-s-ld-so
- blog.qualys.cominlineQualys TRUhttps://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path
- blog.talosintelligence.cominlineCisco Talos 2026-05-05https://blog.talosintelligence.com/uat-8302/
- bugs.chromium.orginlineJann Horn, 2019https://bugs.chromium.org/p/project-zero/issues/detail?id=1856
- ccb.belgium.beinlineCCB Belgium, 2026-05-08https://ccb.belgium.be/advisories/warning-dirty-frag-new-linux-local-privilege-escalation-vulnerability-was-disclosed
- cert.europa.euinlineCERT-EU Advisory 2026-005, 2026-04-30https://cert.europa.eu/publications/security-advisories/2026-005/
- cert.europa.euinlineCERT-EU Critical Advisory 2026-006https://cert.europa.eu/publications/security-advisories/2026-006/
- cert.ssi.gouv.frinlineCERT-FR, 2026-05-06https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0537/
- cert.ssi.gouv.frinlineCERT-FR / ANSSI advisory CERTFR-2026-AVI-0652https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0652/
- checkmarx.cominlineCheckmarx, 2026-05-12https://checkmarx.com/blog/ongoing-security-updates/
- cisa.govinlineCISA, 2026-06-02https://www.cisa.gov/news-events/alerts/2026/06/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
- cisa.govinlineCISA KEV (added 2026-05-15)https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- cyberkendra.cominlineCyberKendra, 2026-05-07https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html
- cyberscoop.cominlineCyberScoop, 2026-05-05https://cyberscoop.com/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited/
- docs.gitlab.cominlineGitLabhttps://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-1-released/
- drupal.orginlineDrupal Security Team SA-CORE-2026-004https://www.drupal.org/sa-core-2026-004
- elastic.coinlineElastic Security Labs 2026-05-07https://www.elastic.co/security-labs/tclbanker-brazilian-banking-trojan
- flare.ioinlineFlare.io, 2026-05-07https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web
- github.cominlineResearcher write-up (V4bel), 2026-05-07https://github.com/V4bel/dirtyfrag/blob/master/assets/write-up.md
- hackread.cominlineHackread, 2026-05-16https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-04https://www.helpnetsecurity.com/2026/05/04/multiple-threat-actors-actively-exploit-cpanel-vulnerability-cve-2026-41940/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-08https://www.helpnetsecurity.com/2026/05/08/dirty-frag-linux-vulnerability-cve-2026-43284-cve-2026-43500/
- helpnetsecurity.cominlineHelp Net Security, 2026-05-14https://www.helpnetsecurity.com/2026/05/14/fragnesia-cve-2026-46300-linux-lpe-vulnerability/
- isc.sans.eduinlineSANS Internet Storm Center, 2026-05-25https://isc.sans.edu/diary/33016
- isc.sans.eduinlineSANS Internet Storm Center, 2026-05-18https://isc.sans.edu/diary/rss/32994
- labs.watchtowr.cominlinewatchTowr Labshttps://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
- lumen.cominlineLumen Black Lotus Labs, 2026-05-21https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms
- microsoft.cominlineMicrosoft Security Blog, 2026-05-01https://www.microsoft.com/en-us/security/blog/2026/05/01/cve-2026-31431-copy-fail-vulnerability-enables-linux-root-privilege-escalation/
- microsoft.cominlineMicrosoft Security Blog 2026-05-04https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/
- microsoft.cominlineMicrosoft Security Bloghttps://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- moselwal.cominlineMoselwal technical write-uphttps://moselwal.com/blog/dirtydecrypt-linux-kernel-rxgk-cve-2026-31635
- msrc.microsoft.cominlineMSRC CVE-2026-42897https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
- oasis.securityinlineOasis Security 2026-05-07https://www.oasis.security/blog/cline-kanban-websocket-hijack
- openwall.cominlineoss-security, 2026-05-12https://www.openwall.com/lists/oss-security/2026/05/12/4
- openwall.cominlineoss-security / V12 Security, 2026-05-19https://www.openwall.com/lists/oss-security/2026/05/19/6
- ox.securityinlineOX Security, 2026-05-17https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
- piunikaweb.cominlinePiunikaWeb, 2026-05-08https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/
- pwc.cominlinePwC Threat Intelligence, 2026-05-21https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/red-lamassu-open-season.html
- rapid7.cominlineRapid7 ETRhttps://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/
- rapid7.cominlineRapid7 ETR, 2026-05-29https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257/
- rapid7.cominlinean authenticated-RCE zero-day in Gogshttps://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
- samba.orginlineSamba Projecthttps://www.samba.org/samba/security/CVE-2026-4408.html
- securelist.cominlineKaspersky Securelist — CVE-2025-68670, 2026-05-08https://securelist.com/cve-2025-68670/119742/
- securelist.cominlineKaspersky Securelist — Exploits and Vulnerabilities Q1 2026https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/
- security-hub.ncsc.admin.chinlineNCSC-CH 12547https://security-hub.ncsc.admin.ch/api/posts/12547/details
- security.paloaltonetworks.cominlinePalo Alto Networks PSIRT, 2026-05-29https://security.paloaltonetworks.com/CVE-2026-0257
- security.paloaltonetworks.cominlinePalo Alto PSIRThttps://security.paloaltonetworks.com/CVE-2026-0300
- securityweek.cominlineSecurityWeek, 2026-05-04https://www.securityweek.com/sophisticated-quasar-linux-rat-targets-software-developers/
- socket.devinlineSocket, 2026-05-23https://socket.dev/blog/laravel-lang-compromise
- socket.devinlineSocket, 2026-05-22https://socket.dev/blog/malicious-postinstall-hook-found-across-700-github-repos
- thehackernews.cominlineThe Hacker News, 2026-05-21https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html
- thehackernews.cominlineThe Hacker News, 2026-05-06https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html
- thehackernews.cominlineHacker News writeuphttps://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html
- thehackernews.cominlineThe Hacker Newshttps://thehackernews.com/2026/05/dirtydecrypt-poc-released-for-linux.html
- thehackernews.cominlineThe Hacker News, 2026-05-18https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
- thehackernews.cominlineThe Hacker News, 2026-05-19https://thehackernews.com/2026/05/mini-shai-hulud-pushes-malicious-antv.html
- thehackernews.cominlineThe Hacker News, 2026-05-12https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html
- thehackernews.cominlineThe Hacker News, 2026-05-08https://thehackernews.com/2026/05/new-linux-pamdoora-backdoor-uses-pam.html
- thehackernews.cominlineThe Hacker News, 2026-05-23https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html
- thehackernews.cominlineThe Hacker News 2026-05-04https://thehackernews.com/2026/05/progress-patches-critical-moveit.html
- thehackernews.cominlineThe Hacker News, 2026-05-21https://thehackernews.com/2026/05/showboat-linux-malware-hits-middle-east.html
- thezdi.cominlineZero Day Initiative — Day 1, 2026-05-13https://www.thezdi.com/blog/2026/5/13/pwn2own-berlin-2026-day-one-results
- thezdi.cominlineZero Day Initiative — Day 3, 2026-05-16https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn
- trendmicro.cominlineTrend Micro Research, 2026-05-04https://www.trendmicro.com/en_us/research/26/e/quasar-linux-qlnx-a-silent-foothold-in-the-software-supply-chain.html
- ubuntu.cominlineUbuntu — Dirty Frag fixes-availablehttps://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
- ubuntu.cominlineCanonical / Ubuntu, 2026-05-19https://ubuntu.com/blog/ssh-keysign-pwn-linux-vulnerability-fixes-available
- veeam.cominlineVeeam shipped KB4852 / Backup & Replication patch version 13.0.2.29 on 2026-05-27https://www.veeam.com/kb4852
- wid.cert-bund.deinlineBSI WID-SEC-2026-1232https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232
- wiz.ioinlineWiz Researchhttps://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc
- wiz.ioinlineLinux kernel security advisory CVE-2026-46300https://www.wiz.io/blog/fragnesia-linux-kernel-local-privilege-escalation-via-esp-in-tcp
- xbow.cominlineXBOW research, 2026-05-12https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
- xenbits.xen.orginlineXSA-490https://xenbits.xen.org/xsa/advisory-490.html
- zerodayinitiative.cominlineZero Day Initiative, 2026-05-15https://www.zerodayinitiative.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results
Items in briefs about Linux cgroup v1 release_agent container escape — re-enters CISA KEV 2026-06-02
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.