Act
active
Dirty Frag CVE-2026-43284: Linux LPE with Public PoC, EPSS 0.93
- Engineer — Act: EPSS 0.93 plus a public GitHub PoC makes exploitation practical now — patch the Linux kernel to the distro-provided fixed package (check RHEL, Ubuntu, Debian advisories) across all Linux hosts and container base images within your patch window.
- SOC/IR — Act: With a public PoC and EPSS 0.93, exploitation attempts are likely imminent; hunt for anomalous privilege escalation events on Linux endpoints since PoC publication and tune EDR/SIEM rules for kernel LPE behavior patterns.
- Leader — Plan: A second high-severity Linux LPE with a public PoC in eight days signals a pattern worth tracking; confirm your Linux patch cadence will address this within days and assess the size of your externally accessible Linux estate.
- Signals: CVE-2026-43284 — CISA KEV: not listed, EPSS 0.93, public PoC on GitHub
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.