ctipilot.ch

CVE-2026-46300 — Linux kernel xfrm ESP-in-TCP LPE ("Fragnesia"), PoC public

notable vulnerability · discovered 2026-05-11 05:00 UTC · single-source

Part of run 2026-W20-71c96b25 (weekly · Claude Opus 4.7)

Disclosed 2026-05-15 with a public PoC; the mainline kernel patch landed 2026-05-14 and distro propagation is underway. The bug is a local privilege escalation (LPE) primitive in the xfrm ESP-in-TCP code path and affects IPsec VPN endpoints in particular. Mitigation: modprobe -r esp4 esp6 (breaks IPsec). Distinct from Dirty Frag (different code paths) but conceptually adjacent: both abuse kernel xfrm assumptions (daily 2026-05-15).
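Before applying the module-unload mitigation above, it helps to know whether esp4/esp6 are loaded and still referenced. The following is an added example, not part of the original brief: the function names and the sample module list are constructed for illustration, and the input is assumed to be text in /proc/modules format.

```shell
#!/bin/sh
# Added example: checks whether the esp4/esp6 unload mitigation applies.
# Input is text in /proc/modules format: name size refcount users state address.

# Constructed sample (not captured from a real host).
SAMPLE='esp4 24576 2 esp4_offload, Live 0x0000000000000000
esp6 20480 0 - Live 0x0000000000000000
xfrm_user 45056 4 - Live 0x0000000000000000'

# esp_module_status MODULE < modules-text
# Prints "absent", "idle", or "in-use:<refcount>:<users>".
esp_module_status() {
    awk -v m="$1" '
        $1 == m { found = 1
                  if ($3 + 0 > 0) printf "in-use:%s:%s\n", $3, $4
                  else print "idle" }
        END { if (!found) print "absent" }'
}

# mitigation_report < modules-text
# Returns 0 when neither module is in the list, 1 when one still is.
mitigation_report() {
    report_text=$(cat)
    report_rc=0
    for mod in esp4 esp6; do
        status=$(printf '%s\n' "$report_text" | esp_module_status "$mod")
        case "$status" in
            absent)   echo "$mod: not in module list (unloaded, or built into the kernel)" ;;
            idle)     echo "$mod: loaded, refcount 0, modprobe -r should succeed"
                      report_rc=1 ;;
            in-use:*) echo "$mod: loaded, $status, modprobe -r fails until references are released"
                      report_rc=1 ;;
        esac
    done
    return "$report_rc"
}

# Demo on the constructed sample; on a real host: mitigation_report < /proc/modules
printf '%s\n' "$SAMPLE" | mitigation_report || true
```

A module compiled into the kernel never appears in /proc/modules, so an "absent" result does not by itself confirm the code path is gone. Unloading with modprobe -r also does not persist across a reboot.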

vulnerabilities lpe poc-public patch-available global CVE-2026-46300