May 10, 2026 The Apache Software Foundation released an emergency security patch on May 5, 2026, to address CVE-2026-23918, a critical HTTP/2 double-free vulnerability in the Apache HTTP Server that enables remote code execution (RCE). With a CVSS v3.1 score of 8.8/10, this memory corruption flaw affects approximately 70% of web servers globally, particularly Linux-based […]
Dirty Frag Linux Kernel Vulnerability Grants Root Access
May 8, 2026 A critical local privilege escalation vulnerability known as Dirty Frag (CVE-2026-43284) has been disclosed, affecting the Linux kernel’s xfrm-ESP subsystem. First reported to the Linux kernel maintainers on April 30, 2026, this vulnerability enables unauthorized users to escalate to root privileges on major Linux distributions, including Ubuntu, Debian, Cloud Linux, and others. […]