CISA Adds Linux Root Access Bug CVE-2026-31431 to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2026-31431 and known as Copy Fail, is a local privilege escalation flaw that allows an unprivileged local user to gain root access. It was introduced through changes to the Linux kernel in 2011, 2015, and 2017, and impacts Linux distributions shipped since 2017. It poses a significant risk to cloud environments, particularly containerized systems like Docker and Kubernetes. The flaw allows attackers to inject code into privileged binaries, potentially breaching container isolation. A fully working proof-of-concept exploit is available, increasing the urgency of mitigation.