CIFSwitch (cifs.spnego LPE) is a missing-validation bug in the Linux kernel CIFS client that lets an unprivileged local user gain root on hosts with cifs-utils installed and unprivileged user namespaces permitted. CloudLinux 9 is confirmed exploitable; CL7h/CL8/CL10/CL-for-Ubuntu are exposed under the same conditions but have not been directly tested; CL7 is not affected. Mitigation, patched kernels and a KernelCare livepatch are available — instructions inside.

CloudLinux 9.8 is now generally available. It tracks AlmaLinux OS 9.8 (“Olive Jaguar”) with the upstream 5.14 kernel, refreshed compiler toolchains, and new Python 3.14, MariaDB 11.8, and PostgreSQL 18 versions. The CloudLinux LVE stack, mod_lsapi, and PHP/Python/Node.js Selector packages have been rebuilt against the new kernel.

CloudLinux 10.2 is now generally available. It tracks AlmaLinux OS 10.2 (“Lavender Lion”) with the upstream 6.12 kernel, refreshed compiler toolchains, and new Python 3.14, MariaDB 11.8, and PostgreSQL 18 versions. The CloudLinux LVE stack, mod_lsapi, and PHP/Python/Node.js Selector packages have been rebuilt against the new kernel.

A purpose-built virtual assistant — trained on our own knowledge base — is changing how customers get answers.

On April 29, 2026, a Linux kernel privilege escalation called Copy Fail (CVE-2026-31431) became public on the oss-security mailing list. A short Python script, runnable by any unprivileged user, returned a root shell on most enterprise Linux servers running kernels from 2017 onward.

Researcher Aaron Esau and the V12 Security team disclosed PinTheft, a Linux kernel local privilege escalation that chains an RDS zerocopy reference-count bug with io_uring fixed buffers to overwrite the page cache of a SUID-root binary. A public proof-of-concept is available. Any unprivileged local user on an affected host can use it to gain root.

VPS is the biggest growth opportunity in hosting right now. According to the 2026 Web Hosting Trends Report, 65% of providers reported revenue growth last year and 26% rank VPS as their top growth category. The demand is there. The customers are signing up.

Right after the kernel privilege-escalation chain in the XFRM/ESP subsystem (Copy Fail, Dirty Frag, Fragnesia), Qualys disclosed a different Linux kernel issue. This time in the ptrace access-check path. CVE-2026-46333 is reserved for tracking this vulnerability. A public proof-of-concept exists. An unprivileged local user on an affected host can use it to read root-owned secrets (SSH host private keys and the shadow password database) without obtaining root privileges directly.

Less than a week after Dirty Frag, researcher William Bowling and the V12 team disclosed a third Linux kernel local privilege escalation in the same broad area (XFRM / ESP) and named it Fragnesia. A working public proof-of-concept exists. Any unprivileged local user can use it to gain root in a single command.

A week after Copy Fail (CVE-2026-31431), researcher Hyunwoo Kim disclosed a second Linux kernel local privilege escalation in the same broad area — IPsec ESP and rxrpc — and named it Dirty Frag. A working public proof-of-concept exists; any unprivileged local user can use it to gain root in a single command.