PoC Archive

All PoCs

Every proof-of-concept in the archive. Filter by category, severity, patch status and date, or search across titles, CVEs, tags and affected products.

131 result(s)

Medium
VLC Bundled FFmpeg VP9 Decoder Resolution-Change Heap Crash
None assigned as of 2026-07-03· VLC media player, bundled FFmpeg VP9 decoder (plugins/codec/libavcodec_plugin.dll) unpatched
High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03· System Informer (Process Hacker successor), phsvc helper process unpatched
High
RustDesk Relay Session Downgrade and FileTransfer Authorization Scope Bypass
None assigned as of 2026-07-03· RustDesk (rustdesk/rustdesk) — client relay/session setup and server-side connection dispatcher unpatched
Critical
Redis Vector Set Duplicate HNSW Node ID RCE
None assigned as of 2026-07-03· Redis server, Vector Set module (modules/vector-sets) unpatched
Critical
QEMU CXL Type-3 Mailbox Guest-to-Host Escape
None assigned as of 2026-07-03· QEMU (CXL Type-3 device emulation, hw/cxl/cxl-mailbox-utils.c) unpatched
High
Pillow ImageCms Mutable output_mode Heap OOB Write
None assigned as of 2026-07-03· Pillow (Python Imaging Library fork), PIL.ImageCms module unpatched
Critical
PHP 8.5.7 StreamBucket-to-SOAP Numeric Cookie Remote Code Execution
None assigned as of 2026-07-03· PHP CLI (Zend Engine) — ArrayIterator, StreamBucket, SoapClient internals unpatched
High
OpenVPN Connect Server-Pushed Option Current-User Command Execution
None assigned as of 2026-07-03· OpenVPN Connect for Windows unpatched
Medium
objdump DLX ELF Backend Out-of-Bounds Write (Crash-to-Calc)
None assigned as of 2026-07-03· GNU Binutils objdump — DLX ELF backend (elf32-dlx) unpatched
High
NodeBB ActivityPub attributedTo Local UID Spoof
None assigned as of 2026-07-03· NodeBB — ActivityPub server-to-server inbox unpatched
Low
Nmap IPv6 Extension-Header Length Wrap
None assigned as of 2026-07-03· Nmap — shared packet parsing code (libnetutil/netutil.cc, tcpip.cc) unpatched
High
nghttpx HTTP/1.1 Upgrade Request Body Response Queue Poisoning
None assigned as of 2026-07-03· nghttp2's nghttpx reverse proxy patched
High
Nextcloud Federated Share OCM Bearer Token Scope Escalation to Sender WebDAV Access
None assigned as of 2026-07-03· Nextcloud Server — federated file sharing, OCM token exchange, WebDAV bearer authentication unpatched
High
Next.js unstable_cache Object-Argument Cache-Key Collision
None assigned as of 2026-07-03· Next.js (App Router, Data Cache) unpatched
High
MyBB 1.8.40 Limited Admin CP User-Manager to Full Administrator Privilege Escalation
None assigned as of 2026-07-03 (see Notes — CVE-2026-45115 identifies a separate, already-patched MyBB issue)· MyBB forum software, Admin CP add-user flow unpatched
Critical
Lunar Client Modrinth Explore Raw-HTML to Local Launcher Execution Chain
None assigned as of 2026-07-03· Lunar Client (Electron desktop application), Modrinth Explore integration unpatched
Critical
libssh2 Unchecked SSH packet_length Integer Wrap to RCE (CVE-2026-55200)
CVE-2026-55200· libssh2, ssh2_transport_read() in src/transport.c patched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03· libssh2, publickey subsystem list parser (src/publickey.c) unpatched
Medium
libarchive ZIP Declared-Size Boundary Bypass via debuginfod
None assigned as of 2026-07-03· libarchive (ZIP reader) and elfutils debuginfod unpatched
Critical
Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248)
CVE-2025-3248· Langflow (open-source AI/LLM workflow builder) patched
Critical
Ladybird Browser WebAssembly ESM Host-Function Use-After-Free RCE
None assigned as of 2026-07-03· Ladybird web browser (WebContent process, LibWeb / LibWasm) unpatched
High
ImageMagick Ghostscript Delegate Search Path Hijack
None assigned as of 2026-07-03· ImageMagick (Ghostscript delegate for PDF/PS/EPS conversion) on Windows unpatched
Critical
Gogs Admin User Edit CSRF to Git Hook RCE
None assigned as of 2026-07-03· Gogs (self-hosted Git service) unpatched
High
Gitea act_runner container.options Host Namespace Escape
None assigned as of 2026-07-03· Gitea Actions act_runner (Docker-backed) unpatched
Medium
Ghidra 12.1.2 Conditional Swift Demangler ACE (plus TraceRMI RCE and SevenZipJBinding Reachability)
None assigned as of 2026-07-03· Ghidra (NSA reverse-engineering suite) unpatched
Critical
Fortinet FortiClient EMS Pre-Auth Bypass — "FortiBleed" (CVE-2026-35616)
CVE-2026-35616· Fortinet FortiClient Endpoint Management Server (EMS) unpatched
High
Flowise Custom MCP Environment Variable Case Bypass
None assigned as of 2026-07-03· Flowise / flowise-components unpatched
Critical
Floci API Gateway VTL RCE + IAM Scope Bypass
None assigned as of 2026-07-03· Floci (AWS-compatible local cloud emulator) unpatched
High
Firefox Smart Window Private URL Exfiltration
None assigned as of 2026-07-03· Firefox Smart Window (AI browsing assistant feature) unpatched
Critical
FFmpeg RASC Decoder DLTA Heap Out-of-Bounds Write
None assigned as of 2026-07-03· FFmpeg, libavcodec RASC decoder (AV_CODEC_ID_RASC) unpatched
Medium
Docker cp Copy-Out Destination Escape via Symlink Race
None assigned as of 2026-07-03· Docker Engine / CLI unpatched
High
Discourse Scoped API Key Pre-Route Authorization Bypass
None assigned as of 2026-07-03· Discourse (forum platform) unpatched
Medium
curl SMTP EXPN Recipient CRLF Command Injection
None assigned as of 2026-07-03· curl / libcurl (SMTP support) unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451· Citrix NetScaler ADC and NetScaler Gateway unpatched
High
c-ares TCP ares_getaddrinfo() Use-After-Free Code Execution
None assigned as of 2026-07-03· c-ares (async DNS resolver library) unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03· AnyDesk for Windows 9.7.6 unpatched
High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03· 7-Zip 26.01 x64 for Windows unpatched
High
WinRAR Windows Path Traversal via NTFS Alternate Data Streams (CVE-2025-8088)
CVE-2025-8088· WinRAR (Windows) patched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247· Mirasvit Full Page Cache Warmer extension for Magento 2 unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907· Joomla Content Editor (JCE) extension by Widget Factory unpatched
Medium
Squidbleed — Squid Proxy FTP Gateway Out-of-Bounds Heap Read (CVE-2026-47729)
CVE-2026-47729· Squid Proxy — FTP gateway / directory-listing parser patched
High
PAN-OS GlobalProtect Authentication Bypass via Forged Cookie (CVE-2026-0257)
CVE-2026-0257· Palo Alto Networks PAN-OS — GlobalProtect portal and gateway (also affects certain Prisma Access deployments) unpatched
High
Google Chromium V8 Out-of-Bounds Read/Write — Crash PoC (CVE-2026-11645)
CVE-2026-11645· Google Chrome / Chromium — V8 JavaScript and WebAssembly engine unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230· Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) unpatched
Medium
Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262)
CVE-2026-20262· Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) unpatched
High
Authenticated Command Injection in LiteLLM MCP Test Endpoints (CVE-2026-42271)
CVE-2026-42271· BerriAI LiteLLM (proxy) — MCP preview/test endpoints patched
Critical
SP Page Builder (Joomla) Unauthenticated File Upload RCE (CVE-2026-48908)
CVE-2026-48908· SP Page Builder extension for Joomla (joomshaper.net) patched
High
Linux Kernel act_pedit Partial COW Page-Cache LPE (CVE-2026-46331)
CVE-2026-46331· Linux Kernel — net/sched/act_pedit (traffic control packet editing) unpatched
Critical
libssh2 SSH Packet Length OOB Heap Write / Unauthenticated RCE (CVE-2026-55200)
CVE-2026-55200· libssh2 (SSH client library) patched
Low
libcurl mTLS Connection Reuse Authentication Bypass (CVE-2026-8932)
CVE-2026-8932· libcurl (embedded library; standalone curl CLI unaffected) patched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061· GNU Inetutils telnetd patched
Critical
GeoVision GV-I/O Box 4E DVRSearch Unauthenticated Stack Buffer Overflow RCE (CVE-2026-12485)
CVE-2026-12485· GeoVision GV-I/O Box 4E (Linux-based smart embedded I/O device) patched
High
FFmpeg MagicYUV Decoder Out-of-Bounds Write / RCE — PixelSmash (CVE-2026-8461)
CVE-2026-8461· FFmpeg libavcodec — MagicYUV video decoder patched
High
Claude Desktop Cowork VM Image Integrity Bypass / Local Persistence (CVE-2026-7574)
CVE-2026-7574· Anthropic Claude Desktop — Cowork feature unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586· Windows Collaborative Translation Framework (CTFMON service) patched
Critical
Ubiquiti UniFi OS Unauthenticated RCE Chain (CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910)
CVE-2026-34908, CVE-2026-34909, CVE-2026-34910· Ubiquiti UniFi OS Server patched
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253· Splunk Enterprise patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523· Ivanti Sentry (formerly MobileIron Sentry) patched
High
DirtyClone — Linux Kernel LPE via Cloned Packet Page-Cache Overwrite (CVE-2026-43503)
CVE-2026-43503· Linux kernel (netfilter TEE / __pskb_copy_fclone()) patched
High
Cisco Catalyst SD-WAN Manager Privilege Escalation (CVE-2026-20245)
CVE-2026-20245· Cisco Catalyst SD-WAN Manager (vManage), SD-WAN Controller (vSmart), SD-WAN Validator (vBond) unpatched
Critical
Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751)
CVE-2026-50751· Check Point Remote Access VPN / Mobile Access / Spark Firewall patched
Medium
YellowKey — BitLocker Bypass via WinRE autofstx.exe (CVE-2026-45585)
CVE-2026-45585· Windows BitLocker / WinRE (autofstx.exe) patched
High
CVE-2026-50656 RoguePlanet — Safe Vulnerability Checker (Resurface)
CVE-2026-50656· Microsoft Malware Protection Engine (mpengine.dll, MsMpEng.exe) patched
High
RoguePlanet — Windows Defender LPE via ISO Mount + Task Scheduler Race Condition
CVE-2026-50656· Microsoft Windows Defender / Windows Error Reporting Task Scheduler unpatched
Critical
FirefUXSS: Universal XSS in Firefox Focus for iOS via Redirect-Scheme Validation Race Condition
Firefox Focus for iOS unpatched
High
ssh-keysign-pwn: pidfd_getfd FD Theft via mm-NULL Exit Window (CVE-2026-46333)
CVE-2026-46333· Linux kernel plus privileged userland binaries (ssh-keysign, chage) patched
Critical
Netlogon CLDAP Stack Buffer Overflow (CVE-2026-41089)
CVE-2026-41089· Microsoft Windows Netlogon (Domain Controller CLDAP path) patched
High
LiteSpeed User-End cPanel Plugin Local Privilege Escalation (CVE-2026-48172)
CVE-2026-48172· LiteSpeed cPanel Plugin unpatched
Critical
Drupal Core PostgreSQL SQL Injection (CVE-2026-9082)
CVE-2026-9082 / SA-CORE-2026-004· Drupal Core unpatched
High
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800)
CVE-2026-48770, CVE-2026-48778, CVE-2026-48800· Notepad++ unpatched
High
PinTheft: RDS Double-Free → LPE
Linux kernel (RDS subsystem + io_uring) unpatched
Critical
TossUp — TerraMaster TOS Unauthenticated Redis Root RCE + NFS LPE
N/A (vendor confirmed TOS4 is EOL; no fix planned)· TerraMaster TOS3_A1.0 4.2.41, Redis 4.0.10 unpatched
High
DirtyDecrypt / DirtyCBC — rxgk Page-Cache Write (Dirty Pipe Variant)
N/A (reported as duplicate by kernel maintainers; patched on mainline)· Linux kernel — net/rxrpc (rxgk_decrypt_skb) unpatched
High
Chrome WebGPU Use-After-Free (CVE-2026-5281)
CVE-2026-5281· Google Chrome / Chromium WebGPU (Dawn backend) unpatched
Medium
Windows NTLM Hash Disclosure via File Explorer - CVE-2025-24054
CVE-2025-24054· Windows File Explorer (Windows Shell) patched
High
Windows MMC MSC EvilTwin - CVE-2025-26633
CVE-2025-26633· Microsoft Management Console (MMC), Windows patched
High
Windows Kernel Elevation of Privilege - Race Condition / Double-Free (CVE-2025-62215)
CVE-2025-62215· Windows Kernel (ntoskrnl.exe / kernel resource synchronization) patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706· Microsoft SharePoint Server patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182· Next.js (App Router with React Server Components), React patched
Critical
Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400)
CVE-2024-3400· Palo Alto Networks PAN-OS GlobalProtect gateway patched
Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572· Next.js Pages Router (redirect handling via middleware or next.config.js) patched
High
Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578)
CVE-2026-44578· Next.js standalone router server (next start) unpatched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870· Next.js App Router (React server-action / RSC reply parser) unpatched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576· Next.js App Router deployments using React Server Components (RSC) behind shared caches patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582· Next.js App Router patched
Medium
Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577)
CVE-2026-44577· Next.js Image Optimization API (/_next/image) on self-hosted deployments unpatched
High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573· Next.js Pages Router with i18n configuration unpatched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574· Next.js App Router with dynamic route segments and middleware-based access control unpatched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581· Next.js App Router applications using CSP nonces patched
High
Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579)
CVE-2026-44579· Next.js applications using Cache Components / Partial Prerendering (PPR) patched
Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580· Next.js applications using next/script with strategy="beforeInteractive" patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575· Next.js App Router applications that rely on middleware.ts matchers to protect routes patched
High
Linux vsock Use-After-Free VM Escape (CVE-2025-21756)
CVE-2025-21756· Linux kernel (vsock / virtual socket subsystem) patched
High
Linux nf_tables Use-After-Free Local Privilege Escalation (CVE-2024-1086)
CVE-2024-1086· Linux kernel (netfilter nf_tables subsystem) patched
Critical
Jenkins CLI Arbitrary File Read to RCE (CVE-2024-23897)
CVE-2024-23897· Jenkins controller (CLI endpoint) unpatched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282· Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways unpatched
Critical
IngressNightmare - Kubernetes Ingress-NGINX Unauthenticated RCE
CVE-2025-1974 (primary); also CVE-2025-1097, CVE-2025-1098, CVE-2025-24514· Kubernetes Ingress-NGINX Controller (ingress-nginx) unpatched
Critical
Fortinet FortiManager FortiJump Unauthenticated RCE (CVE-2024-47575)
CVE-2024-47575· Fortinet FortiManager / FortiManager Cloud (fgfmd daemon) unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)· Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature) unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433· Erlang/OTP SSH server daemon patched
High
Copy Fail Linux Kernel Local Privilege Escalation (CVE-2026-31431)
CVE-2026-31431· Linux kernel (crypto / AF_ALG AEAD path) unpatched
Critical
Confluence SSTI RCE - CVE-2023-22527
CVE-2023-22527· Atlassian Confluence Data Center and Confluence Server patched
High
Confluence Post-Auth RCE - CVE-2024-21683
CVE-2024-21683· Atlassian Confluence Data Center and Server unpatched
Critical
Azure Networking Privilege Escalation via Missing Privilege Check
CVE-2025-54914· Microsoft Azure Networking service (GetRouteTable API) patched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918· Apache HTTP Server (httpd) with mod_http2 patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298· Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing patched
Critical
VMware vCenter Server DCE/RPC Heap Overflow RCE (CVE-2024-37079)
CVE-2024-37079· VMware vCenter Server patched
Medium
VMware ESXi Active Directory Authentication Bypass (CVE-2024-37085)
CVE-2024-37085· VMware ESXi hosts joined to Microsoft Active Directory unpatched
Critical
QEMUtiny - QEMU CXL Type-3 Memory Corruption Chain
QEMU CXL Type-3 device emulation (hw/cxl/cxl-mailbox-utils.c) unpatched
Critical
Palo Alto PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108· Palo Alto Networks PAN-OS management web interface patched
High
OpenSSH regreSSHion Signal-Handler Race Unauthenticated RCE (CVE-2024-6387)
CVE-2024-6387· OpenSSH server daemon (sshd) on glibc-based Linux patched
Critical
Fortinet FortiOS SSL VPN Unauthenticated RCE (CVE-2024-21762)
CVE-2024-21762· Fortinet FortiOS SSL VPN (sslvpnd) patched
Critical
Fortinet FortiOS / FortiProxy Authentication Bypass (CVE-2024-55591)
CVE-2024-55591· Fortinet FortiOS/FortiProxy management interfaces unpatched
Critical
cPanel & WHM Authentication Bypass via Session-File CRLF Injection (CVE-2026-41940)
CVE-2026-41940· cPanel & WHM patched
Critical
Citrix NetScaler CitrixBleed 2 Session Token Disclosure (CVE-2025-5777)
CVE-2025-5777· Citrix NetScaler ADC / NetScaler Gateway login interface patched
High
Chrome CSSFontFeatureValuesMap Use-After-Free (CVE-2026-2441)
CVE-2026-2441· Google Chrome / Chromium-based browsers (Blink CSS engine) unpatched
Critical
Apache Parquet Java Unsafe Deserialization RCE (CVE-2025-30065)
CVE-2025-30065· Apache Parquet Java (parquet-avro) schema parsing consumers unpatched
Critical
Adobe Acrobat/Reader Prototype Pollution Sandbox Escape (CVE-2026-34621)
CVE-2026-34621· Adobe Acrobat DC / Adobe Acrobat Reader DC / Adobe Acrobat 2024 JavaScript engine sandbox boundary unpatched
High
WinRAR Archive Extraction Path Traversal (CVE-2025-6218)
CVE-2025-6218· WinRAR archive extraction workflow unpatched
High
RedSun Privileged File Write (CVE-2026-33825)
CVE-2026-33825· Microsoft Defender Antivirus (real-time protection) on Windows with Cloud Files APIs patched
Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927· Next.js (Vercel) patched
High
MiniPlasma - Windows Cloud Files Mini Filter Driver LPE (CVE-2020-17103)
CVE-2020-17103· Windows Cloud Files Mini Filter Driver (cldflt.sys) / cldapi.dll unpatched
Critical
LDAP Nightmare — Windows LDAP Client RCE/DoS (CVE-2024-49113)
CVE-2024-49113· Microsoft Windows LDAP client / Netlogon interaction path patched
Critical
HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
CVE-2021-31166· Microsoft Windows HTTP Protocol Stack (http.sys) patched
Medium
Exchange Health Checker Outbound Rule Blind Spot (CVE-2026-42897)
CVE-2026-42897· Microsoft CSS-Exchange Health Checker (HealthChecker.ps1) unpatched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338· Microsoft Windows AppLocker driver path (\\Device\\AppID) patched
High
BlueHammer Defender Local Privilege Escalation (CVE-2026-33825)
CVE-2026-33825· Microsoft Defender Antivirus update/scan workflow on Windows patched
High
BlueDucky — Unauthenticated Peering Leading to Code Execution (CVE-2023-45866)
CVE-2023-45866· Bluetooth HID host implementations vulnerable to CVE-2023-45866 patched
Critical
NGINX Rift — Heap Buffer Overflow RCE (CVE-2026-42945)
CVE-2026-42945· NGINX Open Source / NGINX Plus unpatched
High
Linux XFRM ESP-in-TCP Local Privilege Escalation (Fragnesia)
CVE-2026-46300· Linux kernel (XFRM ESP-in-TCP subsystem) unpatched
Critical
Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE
CVE-2026-43500, CVE-2026-43284· Linux kernel patched