#privilege-escalation

8/10

A use-after-free vulnerability (CVE-2026-57589) has been discovered in OpenBSD, allowing a local attacker to escalate privileges to root. This vulnerability is significant because OpenBSD is renowned for its security focus, and a local privilege escalation bug could undermine that reputation. It affects all systems running the vulnerable version. The vulnerability was discovered as part of the 'Patch The Planet' initiative by OpenAI and Trail of Bits. Details are currently limited; the OpenBSD security page does not yet list it.

DirtyClone Linux Kernel Bug Lets Local Users Gain Root Access

research.jfrog.com · ⭐️ 8/10 · 2026-06-28

8/10

Security researchers at JFrog disclosed a new Linux kernel local privilege escalation vulnerability named DirtyClone (CVE-2026-43503), which allows unprivileged local users to gain root access by exploiting a flaw in socket buffer cloning that loses the SKBFLSHAREDFRAG flag. This vulnerability is critical because it affects widely-used Linux distributions with default unprivileged user namespaces, such as Debian, Ubuntu, and Fedora, and can be exploited without leaving kernel logs or audit traces, making it especially dangerous for multi-tenant cloud environments and Kubernetes clusters. The vulnerability was patched in Linux kernel v7.1-rc5 on May 21, 2026; mitigations include disabling unprivileged user namespaces via kernel.unprivilegedusernsclone=0 or blocking the esp4, esp6, and rxrpc kernel modules.