24h | 7d | 30d

CVE-2026-31431

Overview

  • Linux
  • Linux
22 Apr 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
3.98%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 20 Posts
  • 29 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
#:idle: Don T3rr0r :antifa: @t3rr0rz0n3

Sobre la vulnerabilidad del Kernel (CVE-2026-31431) conocida con el nombre #CopyFail (más información: copy.fail)

Comentaros que ya existen parches disponibles para la mayoría de distribuciones más conocidas:

Anuncio de Ubuntu: ubuntu.com/blog/copy-fail-vuln

Security Tracker de Debian: security-tracker.debian.org/tr

Anuncio de AlmaLinux: ubuntu.com/blog/copy-fail-vuln

Anuncio de Rocky Linux: kb.ciq.com/article/rocky-linux

Security Tracker de Arch Linux: security.archlinux.org/CVE-202

  • 10
  • 9
  • 0
  • 10h ago
Profile picture fallback
OSTechNix @ostechnix

AlmaLinux released critical kernel patches to fix Copy Fail (CVE-2026-31431), a high-severity vulnerability. Update your AlmaLinux systems today.

Full details here: ostechnix.com/almalinux-copy-f

#Copyfail #CVE202631431 #Almalinux #Linuxkernel #Patch #Linuxsecurity

  • 1
  • 2
  • 0
  • 11h ago
Profile picture fallback
Edu Minguez 🐧 @minWi

732 bytes to root on every major Linux distro. No race condition. 100% reliable.

That's CVE-2026-31431 (Copy Fail) and it crosses container boundaries, which makes the flood of AI agent sandboxing content this week land differently.
Containers vs gVisor vs microVMs vs Wasm, Lima + libvirt setups, NixOS MicroVMs — all worth a read now.

Also: Claude Code agent teams, PS5 running Linux, Greg KH hunting kernel bugs with a local LLM, and a $20 SFP for 26ns NTP accuracy.

underkube.com/2026-05-03-what-

  • 0
  • 1
  • 0
  • 14h ago
Profile picture fallback
tomcat @tomcat

⚠️ A new flaw is now under active exploitation.

CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.

Fix deadline: May 15, 2026.

Read: thehackernews.com/2026/05/cisa

  • 0
  • 1
  • 0
  • 11h ago
Profile picture fallback
Vito Botta @vitobotta

No setuid. No interactive users. No Python. No shell. Talos Linux barely flinched at Copy Fail. The kernel's still vulnerable and patched kernels shipped before disclosure, but the defaults carried the day. - siderolabs.com/blog/exploit-fa

  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
Stefan Schmidt @zaphodb

@zhenech probably judging by though the verdict is still out apart from v3.1 self assessed. Linux kernel pfft, who do they think they are. ;)

nvd.nist.gov/vuln/detail/CVE-2

So your CISO is a beancounter?

  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
Vito Botta @vitobotta

Microsoft's Copy Fail threat report expects exploitation to ramp up soon. CISA added it to KEV on May 1. Five-phase attack chain, and the TLDR: treat any container RCE as potential host compromise. 732 bytes to root. - microsoft.com/en-us/security/b

  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
funz @funz

@besendorf für Debian security-tracker.debian.org/tr

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
TrustedAlpaca @TrustedAlpaca

CVE-2026-31431, also known as CopyFail, is a Local Privilege Escalation (LPE) vulnerability in which an attacker can escalate an already compromised and authenticated standard user to root privileges, which are the highest privileges on the host. This vulnerability affects most popular Linux distributions, as well as many virtualized and hardware environments where Linux is present.

The vulnerability is present in the algif_aead module of the Linux kernel, which is responsible for hardware-accelerated cryptography. Canonical, the company behind Ubuntu, pushed out an update that disables the algif_aead module to mitigate the CopyFail vulnerability, however, Canonical notes that this mitigation will not be necessary once the kernel is updated.

Disabling the affected module should make applications fallback from hardware-accelerated cryptography to userspace cryptographic functions. However, because of the complexity and variation of configurations across many environments, it is recommended to test this mitigation in staging first, as some applications may not include or support userspace cryptographic functions. A reboot is also recommended to complete the mitigation, as some applications may require a reboot to trigger the fallback.

To protect systems running Ubuntu and Ubuntu-based distributions against this vulnerability, follow the steps below:

Open a terminal and type:

1. apt changelog kmod

This checks the changelog for the version of the kmod tool currently installed on your system and shows a list of changes, which will confirm whether the CopyFail vulnerability was mitigated. Check the top entry to confirm the mitigation, as shown in the attached screenshot, if the top entry mentions "* Disable loading of algif_aead module to mitigate CVE-2026-31431", you already have the update installed that mitigates the CopyFail vulnerability but if there is no mention of the CVE, continue with the steps below.

2. sudo apt-get update

This will update your package index files so you can install newly released updates.

3. sudo apt-get install --only-upgrade kmod

This command will upgrade only kmod, a tool used to configure kernel modules on Ubuntu, the new release contains the mitigation for your current kernel.

4. sudo reboot

This will reboot the operating system.

5. apt changelog kmod

Repeat the command from the first step to confirm whether the mitigation is in place. The top entry should now say "* Disable loading of algif_aead module to mitigate CVE-2026-31431".

  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback
Dataplane.org @dataplane

The Internet Last Week

* Ubuntu/Canonical DDoS
status.canonical.com/#/inciden==
techcrunch.com/2026/05/01/ubun
* Linux copy.fail vulnerability
nvd.nist.gov/vuln/detail/CVE-2
xint.io/blog/copy-fail-linux-d
* GitHub availability
github.blog/news-insights/comp
githubstatus.com/incidents/ql9
githubstatus.com/incidents/dby
githubstatus.com/incidents/vq1
* cPanel/WHM vulnerability
nvd.nist.gov/vuln/detail/CVE-2
support.cpanel.net/hc/en-us/ar
censys.com/blog/the-cpanel-sit

#Ubuntu #Linux #GitHub #cPanel #WHM #Outages #DDoS

  • 2
  • 2
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Ninja Owl @ninjaowl.ai
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 1
  • 0
  • Last hour
Profile picture fallback
Undercode Testing @undercode.bsky.social
CopyFail Linux Kernel Zero-Day & Agentic AI Risks: Why 2026’s Patch Tsunami is Already Here + Video Introduction: The Linux kernel’s `algif_aead` module has just yielded CVE-2026-31431, dubbed “Copy Fail” – a local privilege escalation with a public exploit and CISA KEV enrollment. Simultaneously,…
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | Microsoft Security Blog www.microsoft.com/en-us/securi...
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) - Help Net Security www.helpnetsecurity.com/2026/04/30/c...
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA adds CVE-2026-31431, aka Copy Fail, to its Known Exploited Vulnerabilities list. This Linux kernel bug allows local privilege escalation and affects cloud/container environments. Patches released for versions 6.18.22, 6.19.12, 7.0. #LinuxKernel #USA
  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
softfantw.eurosky.social @softfantw.eurosky.social
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV thehackernews.com/2026/05/cisa...
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
CySecurity News @cysecuritynews.bsky.social
CISA Highlights CVE-2026-31431 as an Active Linux Root Exploitation Risk #CISAKEVcatalog #ContainerSecurityRisk #CVE202631431
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 CVE-2026-31431 (Copy.Fail) : workaround eBPF pour une LPE via AF_ALG socket Linux 📝 ## 🔍 Contexte Publié le 3 mai 2026 sur GitHub (dépôt `wgnet/wg.copyfail.… https://cyberveille.ch/posts/2026-05-03-cve-2026-31431-copy-fail-workaround-ebpf-pour-une-lpe-via-af-alg-socket-linux/ #AF_ALG #Cyberveille
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 CopyFail (CVE-2026-31431) : élévation de privilèges critique affectant quasiment tous les noyaux Linux 📝 ## 🗓️ Contexte Publié le 30 avri… https://cyberveille.ch/posts/2026-05-03-copyfail-cve-2026-31431-elevation-de-privileges-critique-affectant-quasiment-tous-les-noyaux-linux/ #CI_CD #Cyberveille
  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-31431: The 732-Byte Script That Renders All Linux Kernel Defenses Since 2017 Obsolete + Video Introduction: A recently disclosed local privilege escalation (LPE) vulnerability identified as CVE-2026-31431 and codenamed "Copy Fail" has sent shockwaves through the cybersecurity community.…
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-41940

Overview

  • WebPros
  • cPanel
29 Apr 2026
Published
01 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
28.36%
KEV

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 13 Posts
  • 13 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

CVE-2026-41940: il bug CRLF di cPanel che ha consegnato 44.000 server al ransomware “Sorry”
#CyberSecurity
insicurezzadigitale.com/cve-20

  • 4
  • 0
  • 0
  • 5h ago
Profile picture fallback
N_{Dario Fadda} @nuke

APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
#CyberSecurity
securebulletin.com/apt-campaig

  • 4
  • 0
  • 0
  • 5h ago
Profile picture fallback
ThreatNoir @threatnoir

2026-W18 — Weekly Threat Roundup

🚨 Critical cPanel authentication bypass (CVE-2026-41940) under mass exploitation for ransomware deployment
🔗 Supply chain attacks hit SAP packages and PyTorch Lightning, stealing developer credentials
👮 Two US cybersecurity professionals sentenced to 4 years for conducting BlackCat ransomware at…

threatnoir.com/weekly/2026-w18

  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
Kaito @kaito02

cPanel / WHM vuln

labs.watchtowr.com/the-interne

  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
(in)sicurezza digitale @blog

CVE-2026-41940: il bug CRLF di cPanel che ha consegnato 44.000 server al ransomware “Sorry”

Una vulnerabilità critica CVSS 9.8 nel pannello di controllo hosting più diffuso al mondo — sfruttata in silenzio per mesi prima della patch — ha permesso a un gruppo criminale di compromettere oltre 44.000 server e distribuire il ransomware “Sorry”. La tecnica: un’iniezione CRLF nel daemon di autenticazione di cPanel che consente accesso root senza credenziali.

insicurezzadigitale.com/cve-20

  • 0
  • 0
  • 1
  • 6h ago
Profile picture fallback
Dataplane.org @dataplane

The Internet Last Week

* Ubuntu/Canonical DDoS
status.canonical.com/#/inciden==
techcrunch.com/2026/05/01/ubun
* Linux copy.fail vulnerability
nvd.nist.gov/vuln/detail/CVE-2
xint.io/blog/copy-fail-linux-d
* GitHub availability
github.blog/news-insights/comp
githubstatus.com/incidents/ql9
githubstatus.com/incidents/dby
githubstatus.com/incidents/vq1
* cPanel/WHM vulnerability
nvd.nist.gov/vuln/detail/CVE-2
support.cpanel.net/hc/en-us/ar
censys.com/blog/the-cpanel-sit

#Ubuntu #Linux #GitHub #cPanel #WHM #Outages #DDoS

  • 2
  • 2
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Techpresso @techpresso.bsky.social
BREAKING: A critical cPanel vulnerability (CVE-2026-41940) is being mass-exploited, with at least 44,000 servers compromised worldwide and now actively used to launch further attacks.
  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security www.helpnetsecurity.com/2026/04/30/c...
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940)
  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback
ecrime.ch @ecrime.ch
Critrical cPanel flaw mass-exploited in A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach Read more: https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 CVE-2026-41940 : faille critique cPanel exploitée avant patch, ransomware signalé 📝 ## 🗞️ Contexte Article publié le 1er mai 2026 par *The Register*… https://cyberveille.ch/posts/2026-05-03-cve-2026-41940-faille-critique-cpanel-exploitee-avant-patch-ransomware-signale/ #CVE_2026_41940 #Cyberveille
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-41940: CRLF Injection Opens 70 Million cPanel Hosts to Complete Takeover + Video Introduction: A maximum-severity vulnerability tracked as CVE-2026-41940 (CVSS 10.0) is currently being exploited in the wild, compromising thousands of servers hosting an estimated 70 million domains. The…
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-2554

Overview

  • wclovers
  • WCFM – Frontend Manager for WooCommerce
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.03%
KEV

Description

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm_delete_wcfm_customer' due to missing validation on the 'customerid' user controlled key. This makes it possible for authenticated attackers, with Vendor-level access and above, to delete arbitrary users, including Administrators.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔒 CVE-2026-2554: HIGH-severity IDOR in WCFM – Frontend Manager for WooCommerce lets Vendor+ users delete any account, incl. admins. No patch yet. Restrict Vendor access & monitor user deletions. More: radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 22h ago

CVE-2026-3854

Overview

  • GitHub
  • Enterprise Server
10 Mar 2026
Published
29 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.30%
KEV

Description

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854) - Help Net Security www.helpnetsecurity.com/2026/04/29/c...
  • 0
  • 1
  • 0
  • 16h ago

CVE-2026-34159

Overview

  • ggml-org
  • llama.cpp
01 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.53%
KEV

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Fediverse

Profile picture fallback
Hugo Valters @hugovalters

CVE-2026-34159: llama.cpp RPC backend has an unauthenticated, no-bounds-check RCE. Zero buffer field in deserialize_tensor() allows arbitrary memory read/write. No auth, low complexity, CVSS 9.8. Patch to b8492 immediately. #infosec #llamacpp #rce

valtersit.com/cve/2026/04/cve-

  • 0
  • 1
  • 0
  • 22h ago

CVE-2026-33825

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform
14 Apr 2026
Published
30 Apr 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
3.95%
KEV

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

May 3, 2026 Cyber Brief:
AI identities outpacing governance.
Defender exploited (CVE-2026-33825).
Linux LPE added to KEV.
ScreenConnect resurfaces.
ADT breach confirmed.
OFAC freezes $344M in USDT.

Your security stack is now part of your attack surface.

thecybermind.co/2026/05/03/exe

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-5063

Overview

  • webaways
  • NEX-Forms – Ultimate Forms Plugin for WordPress
03 May 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.03%
KEV

Description

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH-severity XSS (CVE-2026-5063) in NEX-Forms – Ultimate Forms Plugin for WordPress (≤9.1.11): Unauthenticated attackers can inject persistent scripts. No patch yet — disable vulnerable versions and monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-4061

Overview

  • cyberhobo
  • Geo Mashup
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, followed by the unsanitized `map_post_type` value being concatenated into an `IN(...)` clause without `esc_sql()` or `$wpdb->prepare()`. The 'any' branch of the same code correctly applies `array_map('esc_sql', ...)`, but the else branch does not. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. Exploitation requires the Geo Search feature to be enabled in plugin settings.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity: CVE-2026-4061 affects Geo Mashup ≤1.13.18 (WordPress). Unauthenticated SQL injection via 'map_post_type' lets attackers extract sensitive DB data if Geo Search is enabled. Disable Geo Search for now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-7685

Overview

  • Edimax
  • BR-6208AC
03 May 2026
Published
03 May 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity buffer overflow in Edimax BR-6208AC (≤1.02) via /goform/setWAN. Exploit public, no vendor fix. Monitor and segment affected devices! CVE-2026-7685 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-35535

Overview

  • Sudo project
  • Sudo
03 Apr 2026
Published
04 Apr 2026
Updated
CVSS v3.1
HIGH (7.4)
EPSS
0.00%
KEV

Description

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Statistics

  • 1 Post
Last activity: 4 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
A sudo vulnerability (CVE-2026-35535) could let any local user gain root on Rocky Linux. Here's how to check, patch, and automate updates: Read more -> tinyurl.com/2kd8ztbp #Security
  • 0
  • 0
  • 0
  • 4h ago
Showing 1 to 10 of 21 CVEs