VulnerabilityBleeping Computer
8.8 — CRITICAL
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
The 'Copy Fail' Linux security vulnerability (CVE-2026-31431) has been exploited in the wild, allowing threat actors to gain root privileges on unpatched Linux systems. This vulnerability was previously disclosed by Theori researchers and is now tracked as a Known Exploited Vulnerability (KEV) by CISA.
⚙️Technical Details
CVEs
CVE-2026-31431CVE-2026-41651
Affected Systems
Linux Linux KernelPackagekit Project Packagekit
Attack Vectors
AV:L/AC:L/UI:N/S:U/C:H/I:H/A:H
💥Impact Assessment
Severity: critical
Who Is at Risk
Federal Civilian Executive Branch (FCEB) agencies, U.S. government agencies, and all security teams with Linux endpoints and servers
🛡️Recommended Actions
1Apply mitigations per vendor instructions for CVE-2026-31431 patches within two weeks by May 15
2Prioritize CVE-2026-31431 patches for cloud services and discontinue use of affected products if mitigations are unavailable
3Regularly update Linux systems with the latest kernel updates to prevent exploitation
📦Affected Products
Linux Linux KernelPackagekit Project Packagekit
🔐NVD Verified DataVERIFIED
CVE-2026-31431 ↗CVSS 7.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-669
Affected Products (CPE)
Linux Linux Kernel
CVE-2026-41651 ↗CVSS 8.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-367
Affected Products (CPE)
Packagekit Project Packagekit
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.