24h | 7d | 30d

Overview

  • Linux
  • Linux

22 Apr 2026
Published
04 May 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.98%

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 25 Posts
  • 33 Interactions

Last activity: Last hour

Fediverse

Profile picture fallback

Sobre la vulnerabilidad del Kernel (CVE-2026-31431) conocida con el nombre #CopyFail (más información: copy.fail)

Comentaros que ya existen parches disponibles para la mayoría de distribuciones más conocidas:

Anuncio de Ubuntu: ubuntu.com/blog/copy-fail-vuln

Security Tracker de Debian: security-tracker.debian.org/tr

Anuncio de AlmaLinux: ubuntu.com/blog/copy-fail-vuln

Anuncio de Rocky Linux: kb.ciq.com/article/rocky-linux

Security Tracker de Arch Linux: security.archlinux.org/CVE-202

  • 10
  • 9
  • 0
  • 17h ago
Profile picture fallback

AlmaLinux released critical kernel patches to fix Copy Fail (CVE-2026-31431), a high-severity vulnerability. Update your AlmaLinux systems today.

Full details here: ostechnix.com/almalinux-copy-f

#Copyfail #CVE202631431 #Almalinux #Linuxkernel #Patch #Linuxsecurity

  • 1
  • 2
  • 0
  • 19h ago
Profile picture fallback

732 bytes to root on every major Linux distro. No race condition. 100% reliable.

That's CVE-2026-31431 (Copy Fail) and it crosses container boundaries, which makes the flood of AI agent sandboxing content this week land differently.
Containers vs gVisor vs microVMs vs Wasm, Lima + libvirt setups, NixOS MicroVMs — all worth a read now.

Also: Claude Code agent teams, PS5 running Linux, Greg KH hunting kernel bugs with a local LLM, and a $20 SFP for 26ns NTP accuracy.

underkube.com/2026-05-03-what-

  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback

⚠️ A new flaw is now under active exploitation.

CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.

Fix deadline: May 15, 2026.

Read: thehackernews.com/2026/05/cisa

  • 0
  • 1
  • 0
  • 18h ago
Profile picture fallback

Copy.fail: a small Linux kernel bug with an unusually big blast radius jorijn.com/en/blog/copy-fail-c

  • 0
  • 1
  • 0
  • 1h ago
Profile picture fallback

No setuid. No interactive users. No Python. No shell. Talos Linux barely flinched at Copy Fail. The kernel's still vulnerable and patched kernels shipped before disclosure, but the defaults carried the day. - siderolabs.com/blog/exploit-fa

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback

@zhenech probably judging by though the verdict is still out apart from v3.1 self assessed. Linux kernel pfft, who do they think they are. ;)

nvd.nist.gov/vuln/detail/CVE-2

So your CISO is a beancounter?

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback

Microsoft's Copy Fail threat report expects exploitation to ramp up soon. CISA added it to KEV on May 1. Five-phase attack chain, and the TLDR: treat any container RCE as potential host compromise. 732 bytes to root. - microsoft.com/en-us/security/b

  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback

CVE-2026-31431, also known as CopyFail, is a Local Privilege Escalation (LPE) vulnerability in which an attacker can escalate an already compromised and authenticated standard user to root privileges, which are the highest privileges on the host. This vulnerability affects most popular Linux distributions, as well as many virtualized and hardware environments where Linux is present.

The vulnerability is present in the algif_aead module of the Linux kernel, which is responsible for hardware-accelerated cryptography. Canonical, the company behind Ubuntu, pushed out an update that disables the algif_aead module to mitigate the CopyFail vulnerability, however, Canonical notes that this mitigation will not be necessary once the kernel is updated.

Disabling the affected module should make applications fallback from hardware-accelerated cryptography to userspace cryptographic functions. However, because of the complexity and variation of configurations across many environments, it is recommended to test this mitigation in staging first, as some applications may not include or support userspace cryptographic functions. A reboot is also recommended to complete the mitigation, as some applications may require a reboot to trigger the fallback.

To protect systems running Ubuntu and Ubuntu-based distributions against this vulnerability, follow the steps below:

Open a terminal and type:

1. apt changelog kmod

This checks the changelog for the version of the kmod tool currently installed on your system and shows a list of changes, which will confirm whether the CopyFail vulnerability was mitigated. Check the top entry to confirm the mitigation, as shown in the attached screenshot, if the top entry mentions "* Disable loading of algif_aead module to mitigate CVE-2026-31431", you already have the update installed that mitigates the CopyFail vulnerability but if there is no mention of the CVE, continue with the steps below.

2. sudo apt-get update

This will update your package index files so you can install newly released updates.

3. sudo apt-get install --only-upgrade kmod

This command will upgrade only kmod, a tool used to configure kernel modules on Ubuntu, the new release contains the mitigation for your current kernel.

4. sudo reboot

This will reboot the operating system.

5. apt changelog kmod

Repeat the command from the first step to confirm whether the mitigation is in place. The top entry should now say "* Disable loading of algif_aead module to mitigate CVE-2026-31431".

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel's page cache, posing a significant risk to cloud and containerized environments.
thehackernews.com/2026/05/cisa

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback

@clock

I don't know if this helps, but I don't see your kernel listed here: debiansupport.com/blog/copy-fa

Edit to add that I also have not seen any differentiation between arm and x86_64 vulnerabilities (in general, not just pi-related).

  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback

@clock whilst I was doom-scrolling, this popped up from a few hours ago. I kinda think you're ok since you're on 6.x.

explains.social/@veronica/stat

also:
security-tracker.debian.org/tr

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 2
  • 0
  • 8h ago
Profile picture fallback
The latest update for #Mendit includes "PhantomRaven Wave 5: New Undocumented NPM #SupplyChain Campaign Targets DeFi, #Cloud, and AI Developers" and "CVE-2026-31431 (Copy Fail): #Linux Kernel LPE". #CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d
  • 0
  • 2
  • 0
  • 2h ago
Profile picture fallback
CISA adds CVE-2026-31431, aka Copy Fail, to its Known Exploited Vulnerabilities list. This Linux kernel bug allows local privilege escalation and affects cloud/container environments. Patches released for versions 6.18.22, 6.19.12, 7.0. #LinuxKernel #USA
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV thehackernews.com/2026/05/cisa...
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
CISA Highlights CVE-2026-31431 as an Active Linux Root Exploitation Risk #CISAKEVcatalog #ContainerSecurityRisk #CVE202631431
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
📢 CVE-2026-31431 (Copy.Fail) : workaround eBPF pour une LPE via AF_ALG socket Linux 📝 ## 🔍 Contexte Publié le 3 mai 2026 sur GitHub (dépôt `wgnet/wg.copyfail.… https://cyberveille.ch/posts/2026-05-03-cve-2026-31431-copy-fail-workaround-ebpf-pour-une-lpe-via-af-alg-socket-linux/ #AF_ALG #Cyberveille
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
📢 CopyFail (CVE-2026-31431) : élévation de privilèges critique affectant quasiment tous les noyaux Linux 📝 ## 🗓️ Contexte Publié le 30 avri… https://cyberveille.ch/posts/2026-05-03-copyfail-cve-2026-31431-elevation-de-privileges-critique-affectant-quasiment-tous-les-noyaux-linux/ #CI_CD #Cyberveille
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
CVE-2026-31431: The 732-Byte Script That Renders All Linux Kernel Defenses Since 2017 Obsolete + Video Introduction: A recently disclosed local privilege escalation (LPE) vulnerability identified as CVE-2026-31431 and codenamed "Copy Fail" has sent shockwaves through the cybersecurity community.…
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
「Copy Fail」Linux バグ:732バイトのスクリプトで2017年以降のほぼすべてのディストリビューションにて root 権限の取得が可能に - BigGo ニュース Linux カーネルにおける「Copy Fail」と命名された CVE-2026-31431 という深刻な論理ベースの脆弱性は、オープンソースおよびクラウドコンピューティングの ... biggo.jp/news/2026050...
  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
WSL2+Docker環境における、CVE-2026-31431 (Copy Fail) への対策メモ https://zenn.dev/user_thebigslee/articles/41b570658f911b
  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV reconbee.com/cisa-adds-ac... #CISA #linuxrootaccess #CVE #Linuxroot #cyberattack
  • 0
  • 0
  • 0
  • Last hour

Overview

  • WebPros
  • cPanel

29 Apr 2026
Published
01 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
28.36%

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 12 Posts
  • 13 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

CVE-2026-41940: il bug CRLF di cPanel che ha consegnato 44.000 server al ransomware “Sorry”
#CyberSecurity
insicurezzadigitale.com/cve-20

  • 4
  • 0
  • 0
  • 13h ago
Profile picture fallback

APT Campaign Exploits cPanel CVE-2026-41940 to Breach Government and Military Servers Across South-East Asia
#CyberSecurity
securebulletin.com/apt-campaig

  • 4
  • 0
  • 0
  • 12h ago
Profile picture fallback

2026-W18 — Weekly Threat Roundup

🚨 Critical cPanel authentication bypass (CVE-2026-41940) under mass exploitation for ransomware deployment
🔗 Supply chain attacks hit SAP packages and PyTorch Lightning, stealing developer credentials
👮 Two US cybersecurity professionals sentenced to 4 years for conducting BlackCat ransomware at…

threatnoir.com/weekly/2026-w18

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback

CVE-2026-41940: il bug CRLF di cPanel che ha consegnato 44.000 server al ransomware “Sorry”

Una vulnerabilità critica CVSS 9.8 nel pannello di controllo hosting più diffuso al mondo — sfruttata in silenzio per mesi prima della patch — ha permesso a un gruppo criminale di compromettere oltre 44.000 server e distribuire il ransomware “Sorry”. La tecnica: un’iniezione CRLF nel daemon di autenticazione di cPanel che consente accesso root senza credenziali.

insicurezzadigitale.com/cve-20

  • 0
  • 0
  • 1
  • 14h ago

Bluesky

Profile picture fallback
CVE-2026-41940: CRLF Injection Opens 70 Million cPanel Hosts to Complete Takeover + Video Introduction: A maximum-severity vulnerability tracked as CVE-2026-41940 (CVSS 10.0) is currently being exploited in the wild, compromising thousands of servers hosting an estimated 70 million domains. The…
  • 0
  • 1
  • 0
  • 9h ago
Profile picture fallback
South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940)
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
Critrical cPanel flaw mass-exploited in A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach Read more: https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
📢 CVE-2026-41940 : faille critique cPanel exploitée avant patch, ransomware signalé 📝 ## 🗞️ Contexte Article publié le 1er mai 2026 par *The Register*… https://cyberveille.ch/posts/2026-05-03-cve-2026-41940-faille-critique-cpanel-exploitee-avant-patch-ransomware-signale/ #CVE_2026_41940 #Cyberveille
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF Injection" and "Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • GeoVision Inc.
  • GV-VMS V20.0.2

04 May 2026
Published
04 May 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
Pending

KEV

Description

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access to the management and monitoring feature via a regular Web interface. This webersever is another native application, compiled without ASLR, which makes exploitation much easier and more likely. Most of the features require authentication before being reachable and leverage a standard login page to grant access. However the `gvapi` endpoint uses its own authentication mechanism via an `HTTP Authorization` header. It supports both `Basic` authentication and the `Digest` modes of authentication.   #### Stack-overflow via unbound copy of base64 decoded string The `b64decoder` string is sized dynamically, but it is then copied to the `Buffer` stack variable one character at the time at [0], and there's no bound-check. As such, if the decoded string is bigger than 256 characters (the size of the `Buffer` variable) then a stack overflow occurs. Because the data can be fully controlled by an attacker and lack of ASLR, this vulnerability can easily be exploited to gain full code execution as SYSTEM on the machine running the service.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

Profile picture fallback

🚨 CVE-2026-42369 (CRITICAL, CVSS 10): GeoVision GV-VMS V20.0.2 stack overflow in gvapi endpoint lets unauthenticated remote attackers execute code as SYSTEM. Restrict remote access, monitor for patches. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform

14 Apr 2026
Published
30 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.95%

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Profile picture fallback

May 3, 2026 Cyber Brief:
AI identities outpacing governance.
Defender exploited (CVE-2026-33825).
Linux LPE added to KEV.
ScreenConnect resurfaces.
ADT breach confirmed.
OFAC freezes $344M in USDT.

Your security stack is now part of your attack surface.

thecybermind.co/2026/05/03/exe

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • cyberhobo
  • Geo Mashup

02 May 2026
Published
02 May 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, followed by the unsanitized `map_post_type` value being concatenated into an `IN(...)` clause without `esc_sql()` or `$wpdb->prepare()`. The 'any' branch of the same code correctly applies `array_map('esc_sql', ...)`, but the else branch does not. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. Exploitation requires the Geo Search feature to be enabled in plugin settings.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

🚨 HIGH severity: CVE-2026-4061 affects Geo Mashup ≤1.13.18 (WordPress). Unauthenticated SQL injection via 'map_post_type' lets attackers extract sensitive DB data if Geo Search is enabled. Disable Geo Search for now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Edimax
  • BR-6208AC

03 May 2026
Published
03 May 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture fallback

🚨 HIGH severity buffer overflow in Edimax BR-6208AC (≤1.02) via /goform/setWAN. Exploit public, no vendor fix. Monitor and segment affected devices! CVE-2026-7685 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • MindsDB

03 May 2026
Published
03 May 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
Pending

KEV

Description

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-7712: MEDIUM severity deserialization vuln in MindsDB ≤26.01 (pickle.loads). Public exploit available, remote attack possible. No vendor response yet. Check your exposure. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Totolink
  • WA300

04 May 2026
Published
04 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Totolink WA300 (5.2cu.7112_B20190227) faces a CRITICAL buffer overflow (CVE-2026-7719) via http_host in /cgi-bin/cstecgi.cgi. Public exploit out, no patch yet. Limit exposure, monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Sudo project
  • Sudo

03 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
HIGH (7.4)
EPSS
0.00%

KEV

Description

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Profile picture fallback
A sudo vulnerability (CVE-2026-35535) could let any local user gain root on Rocky Linux. Here's how to check, patch, and automate updates: Read more -> tinyurl.com/2kd8ztbp #Security
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Spring
  • Spring Boot

27 Apr 2026
Published
29 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.06%

KEV

Description

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Profile picture fallback
【脆弱性情報】 CVE-2026-40976 vmwareのspring bootの脆弱性について Spring Boot において、特定の条件下で既定の Web セキュリティが有効に機能せず、認証されていない利用者がすべてのエンドポイントへアクセスできる脆弱性です。
  • 0
  • 0
  • 0
  • 11h ago
Showing 1 to 10 of 19 CVEs