Tag: security

CIFSwitch (CVE-2026-46243): Mitigation and Kernel Update on CloudLinux

Researcher Asim Manizada disclosed CIFSwitch, a Linux kernel local privilege escalation in the CIFS / SMB client's SPNEGO upcall path. The bug has been latent in the kernel since 2007, and the public proof-of-concept (manizada/CIFSwitch) shipped together with the oss-security disclosure on 2026-05-28. On affected hosts, any unprivileged local user can use it to gain root in a single command. The vulnerability is tracked as CVE-2026-46243.

PinTheft (CVE-2026-43494) kernel LPE: CloudLinux platforms are not affected

Researcher Aaron Esau and the V12 Security team disclosed PinTheft, a Linux kernel local privilege escalation that chains an RDS zerocopy reference-count bug with io_uring fixed buffers to overwrite the page cache of a SUID-root binary. A public proof-of-concept is available. Any unprivileged local user on an affected host can use it to gain root.

Top 5 Trends in Hosting Security Threats - and What You Can Do to Manage Them

Running a hosting company today isn’t what it was ten years ago. Back then, if you offered decent uptime and reliable support, you were ahead of most of the market. Now, the dial has shifted. Customers don’t just want fast servers; they want peace of mind too. They want to know that their sites are secure, their data is protected, and that their business won’t suffer from an attack or breach.

Stay Ahead of the Curve. Join Us for Our Webinar: Secure the Future of Hosting.

If you run a hosting business, you know how tough security is. It can feel as though attacks become more sophisticated by the day, with bots launching brute-force attacks on login pages, malware sneaking in through outdated plugins, and well-made phishing attempts aimed at your customers.
