Book a meeting

› 11:34:45 NCSC-NL CVE-2026-20230 Cisco Unified Communications Manager · › 06:28:25 CERT-EE — May saw the highest number of cyber incidents with an impact recorded… · › 14:18:39 CCB CVE-2026-7312 Multiple Critical Vulnerabilities in Progress Sitefinity · › 11:52:25 BSI CVE-2026-40385 libexif: Mehrere Schwachstellen ermöglichen Denial of Service und Off… · › 11:52:24 BSI CVE-2026-25679 Golang Go: Mehrere Schwachstellen ermöglichen nicht spezifizierten An… · › 11:52:23 BSI CVE-2025-61732 Golang Go: Mehrere Schwachstellen · › 11:52:22 BSI CVE-2025-61726 Golang Go: Mehrere Schwachstellen · › 11:47:39 BSI CVE-2026-33845 GnuTLS: Mehrere Schwachstellen · › 11:47:37 BSI CVE-2026-34986 Red Hat Enterprise Linux (go-jose): Schwachstelle ermöglicht Denial o… · › 11:47:35 BSI CVE-2026-33186 Red Hat OpenShift Container Platform (gRPC-Go): Schwachstelle ermögli… · › 11:47:33 BSI CVE-2026-27140 Golang Go: Mehrere Schwachstellen · › 11:47:32 BSI CVE-2026-35385 OpenSSH: Mehrere Schwachstellen ·

← Back to console

High CERT-EU CVE-2026-31431

High Vulnerability in the Linux Kernel ("Copy Fail")

Published 30 April 2026 at 09:25

Description

On 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named "Copy Fail", was publicly disclosed. The vulnerability affects every mainstream Linux distributions shipping a kernel built since 2017. A public proof-of-concept exploit has been released. As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions. CERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes, and CI/CD runners exposed to untrusted workloads.