Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Three Linux kernel privilege escalations have become public in the past two weeks: Copy Fail (CVE-2026-31431) on April 29, Dirty Frag (CVE-2026-43284 and CVE-2026-43500) on May 7, and Fragnesia (CVE-2026-46300) on May 13. All three turn an unprivileged shell user into root. On shared hosting, any one of them can promote a single compromised customer account into a full-server compromise.