CISA has added CVE-2026-31431, a Linux kernel privilege-escalation flaw dubbed 'CopyFail', to its Known Exploited Vulnerabilities catalog after active exploitation was detected. Discovered by Theori's AI-powered pen-testing platform Xint, the bug allows low-privileged users to gain full root access by exploiting how the kernel handles certain cryptographic operations. A reliable Python-based proof-of-concept exploit works unmodified across Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16, and every mainstream Linux kernel built since 2017 is potentially in scope. Microsoft Defender is already observing preliminary testing activity. Federal agencies have been ordered to patch by May 15.
Sort: