MEDIUMVulnerability
Global

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

·Source: The Hacker News

Updated:

Executive Summary

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network

Analysis

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network

Indicators of Compromise (1)

CVE (1)
CVE-2026-43499
Source Attribution

Originally published by The Hacker News on Jul 8, 2026.

Related Threats