{"uuid": "6fbf8982-2fdd-4dba-b03f-6651974987cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116496993374350234", "content": "As mentioned earlier in this thread, the su corruption route was only one possible strategy to be used by this exploit.\nHere's another variant of the exploit that doesn't have to rely on such things to achieve its goal.\nFor example, the simple escalate argument simply removes the password requirement for su'ing to root. Other payloads are also possible.\nSuch exploits will not have process 'su' launched '/bin/sh' IOCs in the syslogs. Perhaps all that is relevant is the alg: No test for authencesn(hmac(sha256),cbc(aes)) (authencesn(hmac-sha256-lib,cbc-aes-aesni)) part. But there's no evidence of what was done.", "creation_timestamp": "2026-05-01T02:37:38.256314Z"}