24h | 7d | 30d

CVE-2026-31431

Overview

  • Linux
  • Linux
22 Apr 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
3.98%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 16 Posts
  • 19 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
#:idle: Don T3rr0r :antifa: @t3rr0rz0n3

Sobre la vulnerabilidad del Kernel (CVE-2026-31431) conocida con el nombre #CopyFail (más información: copy.fail)

Comentaros que ya existen parches disponibles para la mayoría de distribuciones más conocidas:

Anuncio de Ubuntu: ubuntu.com/blog/copy-fail-vuln

Security Tracker de Debian: security-tracker.debian.org/tr

Anuncio de AlmaLinux: ubuntu.com/blog/copy-fail-vuln

Anuncio de Rocky Linux: kb.ciq.com/article/rocky-linux

Security Tracker de Arch Linux: security.archlinux.org/CVE-202

  • 6
  • 6
  • 0
  • 4h ago
Profile picture fallback
OSTechNix @ostechnix

AlmaLinux released critical kernel patches to fix Copy Fail (CVE-2026-31431), a high-severity vulnerability. Update your AlmaLinux systems today.

Full details here: ostechnix.com/almalinux-copy-f

#Copyfail #CVE202631431 #Almalinux #Linuxkernel #Patch #Linuxsecurity

  • 1
  • 2
  • 0
  • 5h ago
Profile picture fallback
Vito Botta @vitobotta

Nine years in the Linux kernel and nobody noticed. "Copy Fail" (CVE-2026-31431) lets any local user grab root in seconds. CISA just added it to KEV. Working exploits for Ubuntu, Amazon Linux, RHEL, SUSE. Patch. - cisa.gov/news-events/alerts/20

  • 0
  • 2
  • 0
  • 22h ago
Profile picture fallback
Edu Minguez 🐧 @minWi

732 bytes to root on every major Linux distro. No race condition. 100% reliable.

That's CVE-2026-31431 (Copy Fail) and it crosses container boundaries, which makes the flood of AI agent sandboxing content this week land differently.
Containers vs gVisor vs microVMs vs Wasm, Lima + libvirt setups, NixOS MicroVMs — all worth a read now.

Also: Claude Code agent teams, PS5 running Linux, Greg KH hunting kernel bugs with a local LLM, and a $20 SFP for 26ns NTP accuracy.

underkube.com/2026-05-03-what-

  • 0
  • 1
  • 0
  • 8h ago
Profile picture fallback
tomcat @tomcat

⚠️ A new flaw is now under active exploitation.

CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.

Fix deadline: May 15, 2026.

Read: thehackernews.com/2026/05/cisa

  • 0
  • 1
  • 0
  • 4h ago
Profile picture fallback
Claudio C @cktodon

Copy Fail: la #vulnerabilidad de #Linux que lleva 9 años escondida y permite obtener root con un script de 732 bytes

wwwhatsnew.com/2026/05/02/copy

  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
Vito Botta @vitobotta

No setuid. No interactive users. No Python. No shell. Talos Linux barely flinched at Copy Fail. The kernel's still vulnerable and patched kernels shipped before disclosure, but the defaults carried the day. - siderolabs.com/blog/exploit-fa

  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Stefan Schmidt @zaphodb

@zhenech probably judging by though the verdict is still out apart from v3.1 self assessed. Linux kernel pfft, who do they think they are. ;)

nvd.nist.gov/vuln/detail/CVE-2

So your CISO is a beancounter?

  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Vito Botta @vitobotta

Microsoft's Copy Fail threat report expects exploitation to ramp up soon. CISA added it to KEV on May 1. Five-phase attack chain, and the TLDR: treat any container RCE as potential host compromise. 732 bytes to root. - microsoft.com/en-us/security/b

  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
funz @funz

@besendorf für Debian security-tracker.debian.org/tr

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CopyFail Linux Kernel Zero-Day & Agentic AI Risks: Why 2026’s Patch Tsunami is Already Here + Video Introduction: The Linux kernel’s `algif_aead` module has just yielded CVE-2026-31431, dubbed “Copy Fail” – a local privilege escalation with a public exploit and CISA KEV enrollment. Simultaneously,…
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | Microsoft Security Blog www.microsoft.com/en-us/securi...
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) - Help Net Security www.helpnetsecurity.com/2026/04/30/c...
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA adds CVE-2026-31431, aka Copy Fail, to its Known Exploited Vulnerabilities list. This Linux kernel bug allows local privilege escalation and affects cloud/container environments. Patches released for versions 6.18.22, 6.19.12, 7.0. #LinuxKernel #USA
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
softfantw.eurosky.social @softfantw.eurosky.social
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV thehackernews.com/2026/05/cisa...
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Linux kernel LPE & DoS vulnerabilities (CVE-2026-31431 / CVE-2026-43033) affect #Debian 11 Bullseye. Detection commands, full fix script, and temporary mitigations inside. Update to kernel 5.10.251-3. 🛡️ Full guide & script Read more- > tinyurl.com/yfpvfpa8 #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-41940

Overview

  • WebPros
  • cPanel
29 Apr 2026
Published
01 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
28.36%
KEV

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 7 Posts
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture fallback
ThreatNoir @threatnoir

2026-W18 — Weekly Threat Roundup

🚨 Critical cPanel authentication bypass (CVE-2026-41940) under mass exploitation for ransomware deployment
🔗 Supply chain attacks hit SAP packages and PyTorch Lightning, stealing developer credentials
👮 Two US cybersecurity professionals sentenced to 4 years for conducting BlackCat ransomware at…

threatnoir.com/weekly/2026-w18

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
Kaito @kaito02

cPanel / WHM vuln

labs.watchtowr.com/the-interne

  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
(in)sicurezza digitale @blog

CVE-2026-41940: il bug CRLF di cPanel che ha consegnato 44.000 server al ransomware “Sorry”

Una vulnerabilità critica CVSS 9.8 nel pannello di controllo hosting più diffuso al mondo — sfruttata in silenzio per mesi prima della patch — ha permesso a un gruppo criminale di compromettere oltre 44.000 server e distribuire il ransomware “Sorry”. La tecnica: un’iniezione CRLF nel daemon di autenticazione di cPanel che consente accesso root senza credenziali.

insicurezzadigitale.com/cve-20

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Techpresso @techpresso.bsky.social
BREAKING: A critical cPanel vulnerability (CVE-2026-41940) is being mass-exploited, with at least 44,000 servers compromised worldwide and now actively used to launch further attacks.
  • 0
  • 1
  • 0
  • 15h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security www.helpnetsecurity.com/2026/04/30/c...
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940)
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
ecrime.ch @ecrime.ch
Critrical cPanel flaw mass-exploited in A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach Read more: https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-3854

Overview

  • GitHub
  • Enterprise Server
10 Mar 2026
Published
29 Apr 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.30%
KEV

Description

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Felhasználó @felhasznalo

prog.hu/hirek/7088/github-cve-

#magyar #hungarian #GitHub

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854) - Help Net Security www.helpnetsecurity.com/2026/04/29/c...
  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-2554

Overview

  • wclovers
  • WCFM – Frontend Manager for WooCommerce
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.03%
KEV

Description

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm_delete_wcfm_customer' due to missing validation on the 'customerid' user controlled key. This makes it possible for authenticated attackers, with Vendor-level access and above, to delete arbitrary users, including Administrators.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔒 CVE-2026-2554: HIGH-severity IDOR in WCFM – Frontend Manager for WooCommerce lets Vendor+ users delete any account, incl. admins. No patch yet. Restrict Vendor access & monitor user deletions. More: radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 16h ago

CVE-2026-34159

Overview

  • ggml-org
  • llama.cpp
01 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.53%
KEV

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture fallback
Hugo Valters @hugovalters

CVE-2026-34159: llama.cpp RPC backend has an unauthenticated, no-bounds-check RCE. Zero buffer field in deserialize_tensor() allows arbitrary memory read/write. No auth, low complexity, CVSS 9.8. Patch to b8492 immediately. #infosec #llamacpp #rce

valtersit.com/cve/2026/04/cve-

  • 0
  • 1
  • 0
  • 16h ago

CVE-2026-33825

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform
14 Apr 2026
Published
30 Apr 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
3.95%
KEV

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

May 3, 2026 Cyber Brief:
AI identities outpacing governance.
Defender exploited (CVE-2026-33825).
Linux LPE added to KEV.
ScreenConnect resurfaces.
ADT breach confirmed.
OFAC freezes $344M in USDT.

Your security stack is now part of your attack surface.

thecybermind.co/2026/05/03/exe

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-5063

Overview

  • webaways
  • NEX-Forms – Ultimate Forms Plugin for WordPress
03 May 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.03%
KEV

Description

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH-severity XSS (CVE-2026-5063) in NEX-Forms – Ultimate Forms Plugin for WordPress (≤9.1.11): Unauthenticated attackers can inject persistent scripts. No patch yet — disable vulnerable versions and monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-4061

Overview

  • cyberhobo
  • Geo Mashup
02 May 2026
Published
02 May 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, followed by the unsanitized `map_post_type` value being concatenated into an `IN(...)` clause without `esc_sql()` or `$wpdb->prepare()`. The 'any' branch of the same code correctly applies `array_map('esc_sql', ...)`, but the else branch does not. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. Exploitation requires the Geo Search feature to be enabled in plugin settings.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity: CVE-2026-4061 affects Geo Mashup ≤1.13.18 (WordPress). Unauthenticated SQL injection via 'map_post_type' lets attackers extract sensitive DB data if Geo Search is enabled. Disable Geo Search for now. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-7685

Overview

  • Edimax
  • BR-6208AC
03 May 2026
Published
03 May 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 HIGH severity buffer overflow in Edimax BR-6208AC (≤1.02) via /goform/setWAN. Exploit public, no vendor fix. Monitor and segment affected devices! CVE-2026-7685 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-7684

Overview

  • Edimax
  • BR-6428nC
03 May 2026
Published
03 May 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway  leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🛡️ Buffer overflow (CVE-2026-7684, HIGH) in Edimax BR-6428nC (1.0 – 1.16) via /goform/setWAN. Public exploit exists. No patch from vendor. Mitigate by restricting remote access or replacing device. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago
Showing 1 to 10 of 21 CVEs