Endpoint Management

Servers & Cloud Infrastructure

A vulnerability known as "CopyFail" (CVE-2026-31431) has been disclosed affecting all versions of Linux released since 2017, allowing an attacker to locally escalate privileges to root using a 732-byte Python script. Peer institutions have reported attacks leveraging this vulnerability.

Update 05/08/2026: A newly disclosed Linux kernel local privilege escalation vulnerability chain, dubbed “Dirty Frag” and assigned CVE-2026-43284 and CVE-2026-43500, enables attackers with local access to obtain root privileges by exploiting flaws in the ESP (IPsec) and RxRPC subsystems. While no official patches are currently available, a public proof-of-concept exists. Organizations should assume the vulnerability is valid and exploitable under certain conditions. This vulnerability is a successor to Copy Fail (CVE-2026-31431).

Update 05/08/2026: Organizations and users should not undertake to "test" these exploits, as this will cause unnecessary alerts and incident response.

References:
https://copy.fail/
https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc

Enter a full description of the incident. This will appear in the "see all information" view of this alert.

Enter a full description of the incident. This will appear in the "see all information" view of this alert.