CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

2026-05-03

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA added CVE-2026-31431, a local privilege escalation vulnerability in the Linux kernel, to its Known Exploited Vulnerabilities catalog due to active exploitation.

•The vulnerability, called Copy Fail, stems from a logic bug in the kernel's cryptographic template, allowing unprivileged users to gain root access via a 732-byte exploit.
•Copy Fail corrupts the kernel's in-memory page cache to inject code into privileged binaries, impacting all Linux distributions since 2017.
•The vulnerability is particularly dangerous in containerized environments where Docker, LXC, and Kubernetes grant AF_ALG subsystem access by default.
•Proof-of-concept exploits in Python, Go, and Rust versions are publicly available, and attackers are already conducting preliminary testing.

This summary was automatically generated by AI based on the original article and may not be fully accurate.

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)