Linux kernel vulnerability (Fragnesia)

Posted: Thu, 14 May 2026 05:18 AM UTC
Thu, 14 May 2026 01:18 AM EDT
Last Update: Mon, 25 May 2026 02:48 AM UTC
Sun, 24 May 2026 22:48 PM EDT
Status: Closed

Mon, 25 May 2026 01:37 AM UTC: Further updated kernels are now available on our hosts. These have tested as safe against all versions of this vulnerability we are aware of. We recommend that, if possible, all customers reboot into our latest default kernels as described below.

Mon, 18 May 2026 02:05 AM UTC: Our latest kernels are believed to be secure from the original bug. There is ongoing work by developers to patch this class of issues so we don't see them any more.

Fri, 15 May 2026 00:38 AM UTC: Added namespace mitigation instructions below.

---

A serious Linux kernel vulnerability has been publicly disclosed:

https://github.com/v12-security/pocs/tree/main/fragnesia

This issue has been allocated CVE-2026-46300, also known as Fragnesia. This targets the same components as the recently disclosed Dirtyfrag, but is a different vulnerability.

  • It does *not* affect our latest 4.14 kernels
  • Affects all servers running recent Linux kernels, including servers that have already been rebooted with a kernel patched for the Dirtyfrag vulnerability.

In practical terms, if an actor can run code inside a vulnerable VPS, for example through a compromised website, shell account, or application, this bug may allow them to take full control of that VPS.

Mitigations

Where a server is using a modular kernel, you should also check with the distributor as soon as possible for updates and additional mitigation steps.

On RimuHosting VPSs, it is possible to substantially mitigate this attack by preventing user accounts from creating their own namespaces. Running the following command will block those until the next reboot.

sysctl -w user.max_user_namespaces=0

This may impact the normal operation of containers and services that depend on namespaces, including in some cases ipsec tunnels.

The exploit modifies the memory used by legitimate system binaries (the public PoC overwrites /usr/bin/su in the page cache as part of gaining root), so applying the mitigation alone is not enough on systems that may have been targeted before it was put in place. A reboot is recommended in that case, followed by reapplying the mitigation (unless a patched kernel, as detailed below, is now running).

Fixed kernels

We have released patched kernels on all our hosts. A reboot will be required to use those. VPSs should be restarted from our control panel.

You can verify which kernel your VM is running using the command 'uname -r'. The output will look something like this:

6.18.0-really33-rh-20260524215627.xenU.x86_64

Patched kernels will show a build date of 20260524 or newer. Those digits represent the build date: 2026 May 24th.
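
The two checks described above (the build date in 'uname -r' and the namespace mitigation) can be combined in one script. This is an added example, not RimuHosting's own tooling; the function names are hypothetical, and it assumes the release string always carries a 14-digit timestamp after "-rh-", as in the sample above.

```shell
#!/bin/sh
# Added example: classify a VPS against this notice. Function names are
# hypothetical; the release-string layout is assumed from the one sample shown.

MIN_BUILD=20260524   # first patched build date, as stated in the notice

# Print the YYYYMMDD build date from a release string such as
# 6.18.0-really33-rh-20260524215627.xenU.x86_64; return 1 if it does not match.
kernel_build_date() {
    stamp=$(printf '%s\n' "$1" | sed -n 's/^.*-rh-\([0-9]\{14\}\)\..*$/\1/p')
    [ -n "$stamp" ] || return 1
    printf '%s\n' "$stamp" | cut -c1-8
}

# Print patched / unpatched / unknown for a release string.
kernel_status() {
    if bdate=$(kernel_build_date "$1"); then
        if [ "$bdate" -ge "$MIN_BUILD" ]; then echo patched; else echo unpatched; fi
    else
        echo unknown   # e.g. a distribution (modular) kernel: ask the distributor
    fi
}

# Print applied / missing / unknown for a user.max_user_namespaces value.
mitigation_status() {
    case "$1" in
        0) echo applied ;;
        ''|*[!0-9]*) echo unknown ;;   # sysctl not readable on this system
        *) echo missing ;;
    esac
}

# Combine both checks: $1 = kernel release, $2 = sysctl value.
assess() {
    k=$(kernel_status "$1")
    m=$(mitigation_status "$2")
    case "$k/$m" in
        patched/*) echo "OK: patched kernel ($1)" ;;
        */applied) echo "MITIGATED: kernel $k, user namespaces blocked; reboot into a patched kernel" ;;
        *)         echo "EXPOSED: kernel $k, mitigation $m" ;;
    esac
}

# Report on the running system.
assess "$(uname -r)" "$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)"
```

A "MITIGATED" result only reflects the current sysctl value; it does not show whether the system was targeted before the mitigation was applied.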

Ongoing work

We are continuing to review solutions for this vulnerability, and will be providing updates and further recommendations here. Please subscribe to this notice for updates.
