CVE‑2026‑40369 is an arbitrary kernel‑address write bug in ntoskrnl.exe that lets a low‑privilege attacker invoke NtQuerySystemInformation from the Chrome sandbox to gain SYSTEM rights on vulnerable Windows 11 and Server 2025 builds, with a fully functional PoC released on GitHub.
The article details the ssh-keysign-pwn vulnerability (CVE‑2026‑46333), explaining its exit‑mm/exit‑files race condition, how ordinary users can steal SSH host keys and /etc/shadow via pidfd_getfd, the affected Linux distributions, exploit steps, mitigation measures, and the broader context of May 2026 kernel security disclosures.
Dirty Frag is a newly disclosed Linux kernel page‑cache write bug that combines xfrm‑ESP and RxRPC primitives to deterministically corrupt struct sk_buff‑frag, allowing an unprivileged local user to gain root without race conditions, works across major distributions, and can be mitigated by disabling the affected modules.
The RedSun proof‑of‑concept demonstrates that when Windows Defender detects a malicious file marked with a cloud‑based detection tag, it may rewrite the file to its original location instead of isolating it, allowing an attacker to replace system files and obtain administrator privileges.
