Patch Tuesday, May 2026 Edition

What is the Linux Dirty Frag zero-day and which kernels are affected?

Dirty Frag is a Linux kernel zero-day enabling local root on Ubuntu, Debian, RHEL, and SUSE distributions running kernels 5.15 through 6.8. It abuses memory fragmentation in the page allocator; admins should apply vendor patches released May 2026 and audit for local privilege escalation indicators.

How does the Palo Alto Networks PAN-OS firewall zero-day work and what's the patch?

Palo Alto Networks disclosed a critical PAN-OS firewall remote code execution zero-day exploited in the wild for nearly a month before patching. Affected branches include PAN-OS 10.2, 11.0, and 11.1; administrators should apply hotfixes immediately, rotate credentials, and hunt for the published indicators of compromise.

What CVEs were fixed in Microsoft Patch Tuesday May 2026?

Microsoft's May 2026 Patch Tuesday addressed multiple vulnerabilities across Windows, Exchange, and Office, including at least one actively exploited Exchange zero-day. Administrators should prioritize the Exchange and Windows kernel patches; the full list ranks each CVE by CVSS score, exploitation status, and affected product.

What is the Microsoft Exchange zero-day exploited at Pwn2Own 2026?

On day two of Pwn2Own 2026, researchers successfully compromised Microsoft Exchange and Windows 11, prompting Microsoft to warn of an actively exploited Exchange zero-day. Affected versions span Exchange Server 2019 and Subscription Edition; emergency mitigations are available while a full patch is pending.