The most severe Linux threat to surface in years catches the world flat-footed

A critical Linux kernel vulnerability (CVE-2026-31431, dubbed CopyFail) has been publicly disclosed along with working exploit code that grants root access across virtually all Linux distributions. Discovered by Theori researchers, the local privilege escalation flaw was privately reported to the Linux kernel team five weeks before public release. Patches exist in several kernel versions (7.0, 6.19.12, 6.18.12, and others), but most distributions had not yet incorporated the fixes when the exploit dropped. A single Python script exploits Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12 without modification, enabling attackers to break out of Kubernetes containers, compromise multi-tenant servers, and inject malicious code into CI/CD pipelines.