6 articles tagged #privilege-escalation
CVE-2026-23111 is a Linux nf_tables privilege escalation, CVSS 7.8. A full working exploit dropped June 8. Patches available since February — if you haven't applied them yet, now is the deadline.
CVE-2026-46243 (CIFSwitch) is a Linux kernel LPE in the CIFS client, CVSS 7.8. Public PoC available since 27 May 2026. Patches are out — patch and reboot.
CVE-2026-34040 lets attackers bypass Docker AuthZ plugins with a padded API request — upgrade to Moby 29.3.1 or later.
CVE-2026-31431 lets any local user escalate to root on Linux 4.14+ via a logic flaw in the AF_ALG crypto socket interface. A 732-byte Python script works every time, on every major distro. Here is how to check your exposure and apply the fix.
Researchers at Calif published the first public kernel exploit for macOS on M5 hardware that survives Apple's Memory Integrity Enforcement — a data-only LPE chain completed in five days.
CVE-2026-31431 (Copy Fail) is a Linux kernel LPE, CVSS 7.8. Working PoC is public. CISA KEV. Patches out for Ubuntu, Debian, AlmaLinux, and RHEL.