Written by Jason Taylor
CVE-2026-31431 is a high rated vulnerability that allows privilege escalation to root on Linux distributions that do not have the latest kernel patches. This vulnerability, dubbed Copy Fail, is a local privilege escalation exploit that can elevate any regular Linux user to the administrative Root user account in a few lines of Python.
Public Proof of Concept’s are published and work on any Linux distribution that has not been patched. Additionally, this exploit is trivial to port to other languages where Python is unavailable, with Go and Rust exploits already published.
What to Do Now
If your organization has Linux servers that have not been patched in April 2026, you should ensure these systems are updated as soon as possible. This patch should be prioritized on multi-tenant Linux systems where multiple non-administrative users login or execute code.
Single-owner systems or internal systems that do not allow non-administrative users to execute code can be delayed until a normal patch cycle, although we still recommend patching to protect against privilege escalation in the event a malicious actor can gain code execution via other means or other vulnerabilities.
References
https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
https://github.com/sammwyy/copyfail-rs
https://github.com/badsectorlabs/copyfail-go
Jason Taylor
Search The Exploit Blog
Blog Categories
- AI
- Careers
- Choosing a Penetration Testing Company
- Exploits
- How To
- In The News
- Injection Attacks
- Just For Fun
- Meet Our Team
- Mobile Apps
- Networks
- Password Cracking
- Patching
- Penetration Testing
- Phishing
- PTaaS
- Raxis In The Community
- Red Team
- Security Recommendations
- Social Engineering
- Tips For Everyone
- Web Apps
- What People Are Saying
- Wireless
