24h | 7d | 30d

CVE-2026-31431

Overview

  • Linux
  • Linux
22 Apr 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.26%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 28 Posts
  • 53 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
Jan Schaumann @jschauma

Le sigh. Every time we go around and have to do this again and manually figure out wtf each of the ten thousand linux distributions provides their security updates and current status.

Spending my Saturday morning searching for CVE-2026-31431 and "copyfail" patch status is just 👍.

Anyway, here's what I have so far:

  • 15
  • 14
  • 0
  • 20h ago
Profile picture fallback
Jan Schaumann @jschauma

Alma - almalinux.org/blog/2026-05-01-
fixed

Alpine - security.alpinelinux.org/vuln/
fixed (per fosstodon.org/@alpinelinux/116)

Arch - security.archlinux.org/CVE-202
security.archlinux.org/AVG-2908
fixed in linux 6.19.12-1

Centos - pending RedHat: bugzilla.redhat.com/show_bug.c
?

Debian - security-tracker.debian.org/tr
13 (Trixie), 12 (bookworm), 11 (bullseye) all still vulnerable, but fixed in security releases

#copyfail

  • 1
  • 3
  • 0
  • 20h ago
Profile picture fallback
Jan Schaumann @jschauma

Fedora - bugzilla.redhat.com/show_bug.c
"For any Fedora users finding a link here: this was fixed in kernel 6.19.12, and all current Fedora branches are already at or past that version."

Gentoo - bugs.gentoo.org/973385

Kali - should have it by tracking Debian security

Suse / OpenSuse etc. - suse.com/security/cve/CVE-2026

RedHat - access.redhat.com/security/cve
relevant for various downstreams

#copyfail

  • 1
  • 3
  • 0
  • 20h ago
Profile picture fallback
Jérémy Lecour @jlecour

Un kernel Linux patché est disponible pour Debian 11 (5.10.251-3), Debian 12 (6.1.170-1) et Debian 13 (6.12.85-1) : security-tracker.debian.org/tr
Pour Debian 9 et 10 il faut suivre les paquets de Freexian : deb.freexian.com/extended-lts/
#CopyFail #Debian

  • 1
  • 2
  • 0
  • 21h ago
Profile picture fallback
OSTechNix @ostechnix

Learn how to fix Copy Fail (CVE-2026-31431) in Ubuntu and Linux Mint. Copy Fail vulnerability allows any local user gain root access on Linux.

Full details here: ostechnix.com/fix-copy-fail-cv

#Copyfail #CVE202631431 #Ubuntu #Linuxmint #Security #Linuxkernel

  • 1
  • 1
  • 0
  • 18h ago
Profile picture fallback
Shibastronaute :verified:đŸš©đŸŽ @Shibanarchiste

« Mettez à jour le paquet du noyau de votre distribution avec une version incluant le #commit a664bf3d603d de la branche principale », expliquent les chercheurs, « la plupart des principales distributions proposent désormais ce correctif », comme #Debian (security-tracker.debian.org/tr) (Forky et Sid), #Ubuntu (ubuntu.com/security/CVE-2026-3), par exemple mais la mise en place est encore en cours chez #RedHat (access.redhat.com/security/cve) et #Suse.

Fin de l'article.

10/

#Patch #Linux #Ubuntu #CopyFail #Root #Cybersecurity #Docker #Kubernetes

  • 0
  • 2
  • 0
  • 19h ago
Profile picture fallback
Vito Botta @vitobotta

Nine years in the Linux kernel and nobody noticed. "Copy Fail" (CVE-2026-31431) lets any local user grab root in seconds. CISA just added it to KEV. Working exploits for Ubuntu, Amazon Linux, RHEL, SUSE. Patch. - cisa.gov/news-events/alerts/20

  • 0
  • 2
  • 0
  • 16h ago
Profile picture fallback
Michele Agostinelli @magostinelli

Altro giro di aggiornamenti su vari server per #copyfail #CVE-2026-31431

  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback
Jan Schaumann @jschauma

Rocky - kb.ciq.com/article/rocky-linux
(couldn't find an official link)

Slackware - nothing on slackware.com/security/list.ph

Ubuntu - ubuntu.com/security/CVE-2026-3
all around very unclear

#copyfail - ¯\_(ツ)_/¯

  • 0
  • 1
  • 0
  • 20h ago
Profile picture fallback
@990000@mstdn.social @990000

I can't tell how dangerous Linux CVE-2026-31431 is, given it's just "local privilege escalation," but updating all my web servers anyway I guess đŸ€·đŸ»â€â™‚ïž

#Linux #Ubuntu

  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
Cyclone @cyclone

Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

All that is needed is local shell access and a few lines of python.

forum.hashpwn.net/post/12727

  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
Shibastronaute :verified:đŸš©đŸŽ @Shibanarchiste

C’est l’entreprise de sĂ©curitĂ© Xint.io qui a rĂ©vĂ©lĂ© (xint.io/blog/copy-fail-linux-d), ce mercredi 29 avril, cette vulnĂ©rabilitĂ© (CVE-2026-31431, d’une sĂ©vĂ©ritĂ© Ă©levĂ©e de 7,8/10) permettant une Ă©lĂ©vation des privilĂšges en local.

Le score n’est « que » de 7,8 car le vecteur d’attaque est local (AV:L) : il faut dĂ©jĂ  avoir un accĂšs local sur la machine, ici un compte utilisateur. La mĂȘme avec une attaque depuis le rĂ©seau (AV:N) se serait approchĂ©e de 10.

2/

  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
Shibastronaute :verified:đŸš©đŸŽ @Shibanarchiste

En utilisant un script Python (github.com/theori-io/copy-fail) trĂšs court (732 octets) qui ne fait appel qu’à des bibliothĂšques standard et ciblant le page cache du noyau, il est possible d’accĂ©der au binaire qui permet d’ĂȘtre superutilisateur : /usr/bin/su. La modification se fait en mĂ©moire, pas directement sur le pĂ©riphĂ©rique de stockage.

7/

  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
Edu Minguez 🐧 @minWi

732 bytes to root on every major Linux distro. No race condition. 100% reliable.

That's CVE-2026-31431 (Copy Fail) and it crosses container boundaries, which makes the flood of AI agent sandboxing content this week land differently.
Containers vs gVisor vs microVMs vs Wasm, Lima + libvirt setups, NixOS MicroVMs — all worth a read now.

Also: Claude Code agent teams, PS5 running Linux, Greg KH hunting kernel bugs with a local LLM, and a $20 SFP for 26ns NTP accuracy.

underkube.com/2026-05-03-what-

  • 0
  • 1
  • 0
  • 2h ago
Profile picture fallback
Phantasm @phnt
Alma released patches for Copy Fail before Red Hat :D

https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
https://access.redhat.com/security/cve/cve-2026-31431
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
Claudio C @cktodon

Copy Fail: la #vulnerabilidad de #Linux que lleva 9 años escondida y permite obtener root con un script de 732 bytes

wwwhatsnew.com/2026/05/02/copy

  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback
Vito Botta @vitobotta

No setuid. No interactive users. No Python. No shell. Talos Linux barely flinched at Copy Fail. The kernel's still vulnerable and patched kernels shipped before disclosure, but the defaults carried the day. - siderolabs.com/blog/exploit-fa

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
NEWSTECNICAS | TecnologĂ­a , IA y Gaming @newstecnicas.info.ve
🐧 ¿Cómo funciona '#CopyFail'? El exploit de 732 bytes que otorga acceso Root en Linux (CVE-2026-31431) (+MITIGACIÓN) www.newstecnicas.info.ve/2026/04/copy...
  • 0
  • 0
  • 1
  • 22h ago
Profile picture fallback
Securitycipher @securitycipher.bsky.social
Copy-Fail (CVE-2026-31431): From Low-Privileged Shell to Root in Seconds https://medium.com/@ajudeb55/copy-fail-cve-2026-31431-from-low-privileged-shell-to-root-in-seconds-1b18bf525854?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
CVE-2026-31431 eBPF fix - Copy.fail
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
How to block CVE-2026-31431 (Copy Fail)
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CopyFail Linux Kernel Zero-Day & Agentic AI Risks: Why 2026’s Patch Tsunami is Already Here + Video Introduction: The Linux kernel’s `algif_aead` module has just yielded CVE-2026-31431, dubbed “Copy Fail” – a local privilege escalation with a public exploit and CISA KEV enrollment. Simultaneously,

  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | Microsoft Security Blog www.microsoft.com/en-us/securi...
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) - Help Net Security www.helpnetsecurity.com/2026/04/30/c...
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA adds CVE-2026-31431, aka Copy Fail, to its Known Exploited Vulnerabilities list. This Linux kernel bug allows local privilege escalation and affects cloud/container environments. Patches released for versions 6.18.22, 6.19.12, 7.0. #LinuxKernel #USA
  • 0
  • 0
  • 0
  • 2h ago
Profile picture fallback
softfantw.eurosky.social @softfantw.eurosky.social
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV thehackernews.com/2026/05/cisa...
  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Linux kernel LPE & DoS vulnerabilities (CVE-2026-31431 / CVE-2026-43033) affect #Debian 11 Bullseye. Detection commands, full fix script, and temporary mitigations inside. Update to kernel 5.10.251-3. đŸ›Ąïž Full guide & script Read more- > tinyurl.com/yfpvfpa8 #Security
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-41940

Overview

  • WebPros
  • cPanel
29 Apr 2026
Published
01 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
28.36%
KEV

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 7 Posts
  • 10 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised
#CyberSecurity
securebulletin.com/cpanelsnipe

  • 5
  • 1
  • 0
  • 20h ago
Profile picture fallback
:awesome:đŸŠâ€đŸ”„nemoℱ🐩‍⬛ đŸ‡ș🇩🍉 @nemo

Reports: A critical cPanel & WHM zero-day (CVE-2026-41940) is being actively exploited since Feb—attackers can bypass auth to gain full admin access. Patch immediately. đŸ”„đŸ”âš ïž Read: cyberinsider.com/critical-cpan #cPanel #infosec #zeroDay #cybersecurity

  • 3
  • 0
  • 0
  • 19h ago
Profile picture fallback
ThreatNoir @threatnoir

2026-W18 — Weekly Threat Roundup

🚹 Critical cPanel authentication bypass (CVE-2026-41940) under mass exploitation for ransomware deployment
🔗 Supply chain attacks hit SAP packages and PyTorch Lightning, stealing developer credentials
👼 Two US cybersecurity professionals sentenced to 4 years for conducting BlackCat ransomware at


threatnoir.com/weekly/2026-w18

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
Techpresso @techpresso.bsky.social
BREAKING: A critical cPanel vulnerability (CVE-2026-41940) is being mass-exploited, with at least 44,000 servers compromised worldwide and now actively used to launch further attacks.
  • 0
  • 1
  • 0
  • 9h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security www.helpnetsecurity.com/2026/04/30/c...
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940)
  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
ecrime.ch @ecrime.ch
Critrical cPanel flaw mass-exploited in A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach Read more: https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-3854

Overview

  • GitHub
  • Enterprise Server
10 Mar 2026
Published
29 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.30%
KEV

Description

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

Statistics

  • 2 Posts
Last activity: 4 hours ago

Fediverse

Profile picture fallback
FelhasznĂĄlĂł @felhasznalo

prog.hu/hirek/7088/github-cve-

#magyar #hungarian #GitHub

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854) - Help Net Security www.helpnetsecurity.com/2026/04/29/c...
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-2554

Overview

  • wclovers
  • WCFM – Frontend Manager for WooCommerce
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
Pending
KEV

Description

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm_delete_wcfm_customer' due to missing validation on the 'customerid' user controlled key. This makes it possible for authenticated attackers, with Vendor-level access and above, to delete arbitrary users, including Administrators.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔒 CVE-2026-2554: HIGH-severity IDOR in WCFM – Frontend Manager for WooCommerce lets Vendor+ users delete any account, incl. admins. No patch yet. Restrict Vendor access & monitor user deletions. More: radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 10h ago

CVE-2026-34159

Overview

  • ggml-org
  • llama.cpp
01 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.49%
KEV

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Hugo Valters @hugovalters

CVE-2026-34159: llama.cpp RPC backend has an unauthenticated, no-bounds-check RCE. Zero buffer field in deserialize_tensor() allows arbitrary memory read/write. No auth, low complexity, CVSS 9.8. Patch to b8492 immediately. #infosec #llamacpp #rce

valtersit.com/cve/2026/04/cve-

  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-33825

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform
14 Apr 2026
Published
30 Apr 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
3.95%
KEV

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

May 3, 2026 Cyber Brief:
AI identities outpacing governance.
Defender exploited (CVE-2026-33825).
Linux LPE added to KEV.
ScreenConnect resurfaces.
ADT breach confirmed.
OFAC freezes $344M in USDT.

Your security stack is now part of your attack surface.

thecybermind.co/2026/05/03/exe

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-5063

Overview

  • webaways
  • NEX-Forms – Ultimate Forms Plugin for WordPress
03 May 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
Pending
KEV

Description

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚹 HIGH-severity XSS (CVE-2026-5063) in NEX-Forms – Ultimate Forms Plugin for WordPress (≀9.1.11): Unauthenticated attackers can inject persistent scripts. No patch yet — disable vulnerable versions and monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
82.01%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture fallback
(in)sicurezza digitale @blog

SHADOW-EARTH-053: la campagna APT cinese che spia governi asiatici, la NATO e i diplomatici cubani

Trend Micro ha smascherato SHADOW-EARTH-053, un gruppo APT allineato alla Cina attivo dal dicembre 2024 che ha colpito governi e contractor difesa in Pakistan, India, Malaysia, Taiwan e Polonia. In parallelo, un'operazione correlata ha violato le email di 68 diplomatici cubani a Washington sfruttando Exchange non patchati. Analisi tecnica di ShadowPad, Godzilla webshell, CVE-2025-55182 e delle implicazioni per i difensori.

insicurezzadigitale.com/shadow

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-7685

Overview

  • Edimax
  • BR-6208AC
03 May 2026
Published
03 May 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚹 HIGH severity buffer overflow in Edimax BR-6208AC (≀1.02) via /goform/setWAN. Exploit public, no vendor fix. Monitor and segment affected devices! CVE-2026-7685 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-4061

Overview

  • cyberhobo
  • Geo Mashup
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, followed by the unsanitized `map_post_type` value being concatenated into an `IN(...)` clause without `esc_sql()` or `$wpdb->prepare()`. The 'any' branch of the same code correctly applies `array_map('esc_sql', ...)`, but the else branch does not. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. Exploitation requires the Geo Search feature to be enabled in plugin settings.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
OffSequence @offseq

🚹 HIGH severity: CVE-2026-4061 affects Geo Mashup ≀1.13.18 (WordPress). Unauthenticated SQL injection via 'map_post_type' lets attackers extract sensitive DB data if Geo Search is enabled. Disable Geo Search for now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour
Showing 1 to 10 of 24 CVEs