
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux vulnerability, tracked as CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw affects a wide range of Linux distributions and poses a significant risk to systems globally.
Known as “Copy Fail,” the vulnerability enables local attackers with minimal privileges to escalate to full root control. Security researchers demonstrated that the exploit can be executed using a lightweight script, making it both accessible and highly dangerous across environments running affected Linux kernels.
The flaw impacts Linux systems dating back to 2017 and stems from a weakness in the kernel’s cryptographic subsystem. By exploiting this issue, attackers can manipulate system memory and modify privileged binaries, effectively bypassing standard security protections.
CISA’s inclusion of the vulnerability in its KEV catalog indicates confirmed real-world attacks and triggers urgent remediation requirements, particularly for federal agencies. Organizations are being advised to apply patches immediately or implement mitigation measures to reduce exposure.
The rapid exploitation of this flaw highlights the increasing speed at which vulnerabilities are weaponized, especially as automated tools and AI-assisted discovery accelerate threat development. It also reinforces the importance of timely patch management and proactive security monitoring in modern IT environments.




