“Bad Epoll” (CVE-2026-46242): A Use-After-Free in the Linux Kernel’s epoll Subsystem
On July 3, 2026, a Linux kernel vulnerability nicknamed “Bad Epoll” became public: CVE-2026-46242, a use-after-free bug in the kernel’s eventpoll subsystem — the same epoll mechanism that powers the event loops behind Redis, Nginx, and Node.js, as explained in our companion guide, What Is epoll?. The bug is a local privilege escalation vulnerability, rated CVSS 3.1 7.8 (High), meaning it … Read more