Threat actors are exploiting a vulnerability in the Linux Kernel tracked as CVE-2026-31431. Named Copy Fail, it’s a critical Linux kernel local privilege escalation vulnerability that allows unprivileged users to gain root by corrupting the page cache of setuid binaries via the AF_ALG crypto API. The vulnerability was discovered and reported by Theori and Xint. CISA also acknowledged the active exploitation of the vulnerability … Continue reading “Linux Kernel Vulnerability Exploited in the Wild (Copy Fail) (CVE-2026-31431)”