Cybersecurity authorities have raised the alarm over a newly disclosed Linux vulnerability, known as “Copy Fail,” which came under active exploitation in real-world attacks just a day after its public disclosure.

Tracked as CVE-2026-31431, the flaw exists in the Linux kernel’s algif_aead cryptographic interface. It allows unprivileged local users to gain full root access on affected systems. Attackers can exploit this bug by writing controlled data into the page cache of readable files, ultimately taking complete control of the system.

Security researchers from Theori revealed the vulnerability and released a proof-of-concept exploit, describing it as fully reliable. The exploit has already been tested successfully on major distributions, including Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. According to researchers, the same exploit works across nearly all Linux distributions released since 2017 without modification, making the issue extremely widespread.

Shortly after the disclosure, the Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities catalog. The agency has instructed U.S. federal agencies to patch affected systems within two weeks, warning that such flaws are commonly used by attackers and pose significant risks.

Although the directive officially applies to government systems, security experts are urging all organizations and Linux users to update their systems immediately. At the time of disclosure, some vendors had not yet released official patches, though updates are now beginning to roll out.

This incident follows another recent Linux security issue, CVE-2026-41651, also known as Pack2TheRoot, which had remained undiscovered for years before being fixed.



The rapid exploitation of the Copy Fail bug highlights how quickly attackers move once vulnerabilities become public, making timely patching critical for system security.
