diff --git a/files/common/etc/modprobe.d/dirty-frag.conf b/files/common/etc/modprobe.d/dirty-frag.conf
new file mode 100644
index 000000000..0a22210f8
--- /dev/null
+++ b/files/common/etc/modprobe.d/dirty-frag.conf
@@ -0,0 +1,7 @@
+# Disable esp4, esp6, rxrpc modules due to CVE-2026-43500 (dirty frag)
+# This will likely be re-enabled in a subsequent update once an updated
+# kernel has been deployed.
+# Blacklisting the module isn't sufficient, we need to do as below:
+install esp4 /bin/false
+install esp6 /bin/false
+install rxrpc /bin/false
\ No newline at end of file