CISOOnline

Meet Fragnesia, the third Linux kernel vulnerability in a month

Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel. XFRM is an IP framework intended for packet transformations, and ESP-in-TCP (Encapsulating Security Payload in TCP) is a networking technique used to encapsulate IPsec ESP packets inside TCP segments.

A proof of concept (PoC) exploit is already publicly available.

The good news, Beggs said, is that the vulnerability can’t be exploited remotely. An attacker needs local access to trigger specific code paths and must be able to control local socket operations and manipulate packet fragmentation.

Still, he added, any unprivileged user can exploit the bug on a vulnerable system to corrupt security-sensitive files in memory, such as privileged access management configuration, password, systemd service files, or cron jobs. Although the attacker cannot modify the file on the disk, modifying in-memory files can trick privileged processes, alter system behavior, execute arbitrary code, and escalate privileges on the system, he said.


