On April 29, researchers at Theori publicly disclosed CVE-2026-31431, a local privilege escalation vulnerability in the Linux kernel's cryptographic subsystem dubbed "Copy Fail." The flaw has been present in every major Linux distribution since 2017. A public proof-of-concept exploit is available and reported to work reliably, drawing comparisons to Dirty Cow and Dirty Pipe.

Patched kernel versions are available, though some major distributions have not yet shipped updates.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.