Skip to content

GhostLock (CVE-2026-43499): 15-Year-Old Linux Kernel Vulnerability Enables Root Access

The bottom line: A 15-year-old kernel vulnerability present by default in Linux distributions allows locally authenticated users to gain full root control without special privileges or configurations.

Researchers from Nebula Security have disclosed GhostLock (CVE-2026-43499) — a kernel vulnerability present in practically all major Linux distributions since 2011 that grants local authenticated users root privileges.

The GhostLock vulnerability (CVE-2026-43499) has existed since 2011 and is present in the standard kernels of all major Linux distributions. The vulnerable code has remained unpatched since then and represents a widespread security risk.

Exploitation requires no special privileges, unusual configurations, or network access. Any locally authenticated user can exploit the vulnerability directly. This enables full root control over the affected system — critical especially for multi-tenant systems and container environments where regular users already have access.

For CISOs, this means immediate inventory of affected systems and prioritized patch rollouts. Systems with restricted user access are equally affected as those with container deployments, as container escapes are possible. A mitigation strategy should review access controls for local users and promptly deploy available patches from distributors.


Source: thehackernews.com · Published 8 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.3.

Share on: