Is there any additional info on where it was "published publicly by an unrelated third party"? From the timeline in the writeup:
> 2026-05-07: Submitted detailed information about the vulnerability and the exploit to the linux-distros mailing list. The embargo was set to 5 days, with an agreement that if a third party publishes the exploit on the internet during the embargo period, the Dirty Frag exploit would be published publicly.
> 2026-05-07: Detailed information and the exploit for this vulnerability were published publicly by an unrelated third party, breaking the embargo.
Edit: nevermind, details are further down in the thread:
https://openwall.com/lists/oss-security/2026/05/07/12
And
People are blaming the guy who wrote the exploit for breaking the embargo but it was actually broken in Linux by publishing a fix [1]:
> on 2026-05-05 Steffen Klassert pushed f4c50a4034 to netdev/net.git with Cc: stable@vger.kernel.org.
Once a fix is out it's usual for researchers to race to make the first exploit out of it.
[1] https://afflicted.sh/blog/posts/copy-fail-2.html