- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Linux flaw to its exploit catalog on May 3, 2026.
- The vulnerability, CVE-2026-31431 (“Copy Fail”), allows unprivileged local users to gain root access by corrupting system memory.
- Exploit code is readily available, and the bug poses a severe threat to containerized cloud environments like Docker and Kubernetes.
- Federal agencies have been ordered to patch by May 15, 2026, as active exploitation is already underway.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially flagged a severe Linux kernel vulnerability as actively exploited on May 3, 2026, urging immediate action across federal and private systems. This flaw, tracked as CVE-2026-31431 and dubbed Copy Fail, permits local users to escalate privileges to root level with minimal effort.
According to researchers, the bug stems from a nine-year-old logic error in the kernel’s authentication cryptographic template. Consequently, a 732-byte Python script can reliably trigger the escalation by corrupting the kernel’s in-memory page cache of any readable file.
The vulnerability impacts Linux distributions shipped since 2017. Wiz explained that modifying the page cache “enables attackers to inject code into privileged binaries and thereby gain root privileges.”
Meanwhile, the risk is particularly acute in cloud environments. Kaspersky warned the flaw “poses a risk of breaching container isolation and gaining control over the physical machine.” Exploitation does not require complex techniques, lowering the barrier for attackers.
Proof-of-concept exploit code is publicly available, with Go and Rust variants already detected. The Microsoft Defender Security Research Team stated it is “seeing preliminary testing activity that might result most likely in increased threat actor exploitation over the next few days.”
Federal Civilian Executive Branch agencies must apply fixes by May 15, 2026. If patching is delayed, organizations should disable the affected feature, implement network isolation, and apply strict access controls.
