Overview
Description
Statistics
- 41 Posts
- 154 Interactions
Fediverse
Le sigh. Every time we go around and have to do this again and manually figure out wtf each of the ten thousand linux distributions provides their security updates and current status.
Spending my Saturday morning searching for CVE-2026-31431 and "copyfail" patch status is just 👍.
Anyway, here's what I have so far:
Copy Fail (CVE-2026-31431) Patch Status for Debian:
- Debian Sid: Patched
- Forky: Patched
- Debian 13 Trixie: Patched
- Debian 12 Bookworm: Patched
Debian 11 Bullseye remains vulnerable.
ADDENDUM: Now also a blog post at https://jan.wildeboer.net/2026/05/PSA-CopyFail-CVE-2026-31431/
Some more details from our CVE page on CVE-2026-31431 at https://access.redhat.com/security/cve/cve-2026-31431 For more info, also on availability of updates, see https://nvd.nist.gov/vuln/detail/CVE-2026-31431 and https://www.cve.org/CVERecord?id=CVE-2026-31431 And check the errata/update/advisory pages of your distribution.
2/4
Alma - https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
fixed
Alpine - https://security.alpinelinux.org/vuln/CVE-2026-31431
fixed (per https://fosstodon.org/@alpinelinux/116500119563494081)
Arch - https://security.archlinux.org/CVE-2026-31431
https://security.archlinux.org/AVG-2908
fixed in linux 6.19.12-1
Centos - pending RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=2460538
?
Debian - https://security-tracker.debian.org/tracker/CVE-2026-31431
13 (Trixie), 12 (bookworm), 11 (bullseye) all still vulnerable, but fixed in security releases
Fedora - https://bugzilla.redhat.com/show_bug.cgi?id=2460538
"For any Fedora users finding a link here: this was fixed in kernel 6.19.12, and all current Fedora branches are already at or past that version."
Gentoo - https://bugs.gentoo.org/973385
Kali - should have it by tracking Debian security
Suse / OpenSuse etc. - https://www.suse.com/security/cve/CVE-2026-31431.html
RedHat - https://access.redhat.com/security/cve/cve-2026-31431
relevant for various downstreams
A patched Linux kernel is available for Debian 11 (5.10.251-3), Debian 12 (6.1.170-1) and Debian 13 (6.12.85-1): https://security-tracker.debian.org/tracker/CVE-2026-31431
For Debian 9 and 10, follow the Freexian packages: https://deb.freexian.com/extended-lts/tracker/CVE-2026-31431
#CopyFail #Debian
Linux kernel flaw CVE-2026-31431: local privilege escalation to root via algif_aead
A vulnerability in the Linux kernel's crypto subsystem allows unprivileged local users to gain root privileges, without modifying the file on disk.
Learn how to fix Copy Fail (CVE-2026-31431) in Ubuntu and Linux Mint. Copy Fail vulnerability allows any local user to gain root access on Linux.
Full details here: https://ostechnix.com/fix-copy-fail-cve-2026-31431-ubuntu-linux-mint/
#Copyfail #CVE202631431 #Ubuntu #Linuxmint #Security #Linuxkernel
Because of the #copyfail cve, I booted up my MacBook Air running Linux Mint to get the patches.
I took the chance to upgrade from Mint 21.3 to 22.3 too. I absolutely love how Mint has given so much extra life to the 2012 MBA.
On my Pi though, DietPi is not patched yet, but I think it's waiting for Raspberry Pi's kernel or something. I don't really understand how or which party patches what!
"Update your distribution's kernel package to a version that includes mainline #commit a664bf3d603d," the researchers explain; "most major distributions now offer this fix," such as #Debian (https://security-tracker.debian.org/tracker/CVE-2026-31431) (Forky and Sid) and #Ubuntu (https://ubuntu.com/security/CVE-2026-31431), for example, but rollout is still under way at #RedHat (https://access.redhat.com/security/cve/cve-2026-31431) and #Suse.
End of the article.
10/
#Patch #Linux #Ubuntu #CopyFail #Root #Cybersecurity #Docker #Kubernetes
Nine years in the Linux kernel and nobody noticed. "Copy Fail" (CVE-2026-31431) lets any local user grab root in seconds. CISA just added it to KEV. Working exploits for Ubuntu, Amazon Linux, RHEL, SUSE. Patch. - https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
@jorge bazzite is on a different machine but similarly vulnerable. It's on stable, kernel 6.19.11-ogc1.1.fc44.x86_64 and shows vulnerable to cve-2026-31431
Rocky - https://kb.ciq.com/article/rocky-linux/rl-cve-2026-31431-mitigation
(couldn't find an official link)
Slackware - nothing on http://www.slackware.com/security/list.php?l=slackware-security&y=2026
Ubuntu - https://ubuntu.com/security/CVE-2026-31431
all around very unclear
#copyfail - ¯\_(ツ)_/¯
I can't tell how dangerous Linux CVE-2026-31431 is, given it's just "local privilege escalation," but updating all my web servers anyway I guess 🤷🏻‍♂️
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
The security company Xint.io disclosed (https://xint.io/blog/copy-fail-linux-distributions) this vulnerability on Wednesday, April 29 (CVE-2026-31431, with a high severity of 7.8/10); it allows local privilege escalation.
The score is "only" 7.8 because the attack vector is local (AV:L): you must already have local access to the machine, here a user account. The same flaw with an attack from the network (AV:N) would have come close to 10.
2/
Using a very short (732-byte) Python script (https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py) that relies only on standard libraries and targets the kernel's page cache, it is possible to get at the binary that lets one become superuser: /usr/bin/su. The modification happens in memory, not directly on the storage device.
7/
CVE-2026-31431 added to KEV.
Linux kernel vuln, active exploitation confirmed.
Patch ASAP.
💬 Thoughts?
Follow @technadu
https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
https://access.redhat.com/security/cve/cve-2026-31431
Copy Fail: the #Linux #vulnerability that has been hidden for 9 years and allows obtaining root with a 732-byte script
https://wwwhatsnew.com/2026/05/02/copy-fail-cve-2026-31431-linux-kernel-vulnerabilidad-ia-mayo-2026/
Bluesky
Overview
Description
Statistics
- 8 Posts
- 11 Interactions
Fediverse
cPanelSniper PoC Exploit Released for CVSS 9.8 Flaw CVE-2026-41940 — 44,000 Servers Already Compromised
#CyberSecurity
https://securebulletin.com/cpanelsniper-poc-exploit-released-for-cvss-9-8-flaw-cve-2026-41940-44000-servers-already-compromised/
Reports: A critical cPanel & WHM zero-day (CVE-2026-41940) is being actively exploited since Feb—attackers can bypass auth to gain full admin access. Patch immediately. 🔥🔐⚠️ Read: https://cyberinsider.com/critical-cpanel-zero-day-auth-bypass-exploited-since-february/ #cPanel #infosec #zeroDay #cybersecurity
cPanel CVE-2026-41940 now exploited in the wild.
Ransomware cases emerging, millions exposed.
CISA confirms active attacks.
Source: https://www.theregister.com/2026/05/01/critical_cpanel_vuln_hits_cisa/
💬 Thoughts?
Follow @technadu
Bluesky
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
It's fair to say that <https://nitter.net/cperciva/status/2049591719143059860>, a few hours before Gary's video, was not bullshit:
"In April, FreeBSD issued eight security advisories. Six of them were for issues found by AI."
Colin Percival quotes his own post from March 2026:
"… LLMs are producing lots of slop, but they're also finding a heck of a lot of real vulnerabilities."
@seuros if you disagree with CWE-121 – the Common Weakness Enumeration (CWE™) for CVE-2026-4747 – you might contact MITRE – <https://www.cve.org/CVERecord?id=CVE-2026-4747>.
Cc @garyhtech @cperciva@mastodon.social
@cperciva@bird.makeup (automated)
#AI #FreeBSD #vulnerability #Anthropic #Claude #Mythos #security #infosec
Overview
- wclovers
- WCFM – Frontend Manager for WooCommerce
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🔒 CVE-2026-2554: HIGH-severity IDOR in WCFM – Frontend Manager for WooCommerce lets Vendor+ users delete any account, incl. admins. No patch yet. Restrict Vendor access & monitor user deletions. More: https://radar.offseq.com/threat/cve-2026-2554-cwe-639-authorization-bypass-through-d8e3f679 #OffSeq #WordPress #WooCommerce #Infosec
Overview
- mtrudel
- bandit
- bandit
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
🚨 CVE-2026-42786 (HIGH): mtrudel bandit 0.5.0 – <1.11.0 lets remote attackers cause DoS via unlimited WebSocket continuation frames (resource exhaustion). Affects Phoenix Channels & LiveView. Patch pending — monitor & limit connections. https://radar.offseq.com/threat/cve-2026-42786-cwe-770-allocation-of-resources-wit-56eb6fa8 #OffSeq #CVE #Elixir
Overview
- ggml-org
- llama.cpp
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- argoproj
- Argo CD
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
⚠️ HIGH-severity vuln (CVE-2026-43824) in Argo CD 3.2.0 – 3.2.10 & 3.3.0 – 3.3.8: ServerSideDiff leaks cleartext Kubernetes Secrets. Restrict feature use & monitor for patches. Details: https://radar.offseq.com/threat/cve-2026-43824-cwe-212-improper-removal-of-sensiti-5eb1043e #OffSeq #ArgoCD #Kubernetes #Vuln
Overview
- Zyosoft
- School App
Description
Statistics
- 1 Post
Fediverse
⚠️ CVE-2026-7491 (HIGH, CVSS 8.6): Zyosoft School App v0 is vulnerable to auth bypass via user-controlled keys (CWE-639). Authenticated users can access & modify others' data. No patch yet — restrict access & stay alert for updates. https://radar.offseq.com/threat/cve-2026-7491-cwe-639-authorization-bypass-through-2581445b #OffSeq #Vuln #AppSec
Overview
- GitHub
- Enterprise Server
Description
Statistics
- 1 Post
Overview
- pickplugins
- User Verification by PickPlugins
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL: CVE-2026-7458 in User Verification by PickPlugins (≤2.0.46) enables auth bypass via weak OTP checks. Attackers can log in as any verified user, including admins. No patch yet — disable or restrict plugin! https://radar.offseq.com/threat/cve-2026-7458-cwe-288-authentication-bypass-using--78b8e551 #OffSeq #WordPress #Vuln