A single Python script grants root access on virtually all Linux distros, with working exploit code now public and most distros still unpatched.
Security firm Theori publicly released exploit code for CVE-2026-31431 ('CopyFail'), a local privilege escalation vulnerability affecting virtually all Linux releases. The exploit was disclosed to the Linux kernel security team five weeks prior; patches exist in kernel versions 5.10.254 through 7.0, but most major Linux distributions had not yet incorporated the fixes at time of release. A single Python script exploits Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12 without modification. Attackers with any code execution foothold can escalate to root, break out of Kubernetes containers, and inject malicious code through CI/CD pipelines.
CopyFail is a local privilege escalation that requires only unprivileged code execution to achieve root. The working exploit targets Ubuntu 22.04, Amazon Linux 2023, SUSE 15.6, and Debian 12 with zero modification — meaning any code you execute from untrusted input, any compromised dependency, or any shared container tenant is now a full system compromise vector. CI/CD pipelines that pull from external repos are explicitly named as an attack surface.
Run `uname -r` on every production and staging Linux host today and cross-reference against patched kernel versions (5.10.254, 5.15.204, 6.1.170, 6.6.137, 6.12.85, 6.18.12, 6.19.12, 7.0). Any unpatched host running shared workloads or exposed CI/CD pipelines is a critical P0 — escalate to your infra team immediately.
SSH into your primary Linux server and run: `uname -r`
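One way to do that cross-reference across a fleet, as an added example rather than code from Theori or any distro: it compares `uname -r` strings against the fixed releases listed above and returns `check-vendor` wherever the version string alone cannot settle the question. The status names, hostnames and sample release strings are assumptions made for illustration.

```python
import re

# Fixed upstream releases listed on this page, keyed by stable branch.
FIXED = {(5, 10): 254, (5, 15): 204, (6, 1): 170, (6, 6): 137,
         (6, 12): 85, (6, 18): 12, (6, 19): 12, (7, 0): 0}

def classify(release):
    """Map one `uname -r` string to a triage status (names are illustrative)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", release.strip())
    if not m:
        return "unparsed"
    branch = (int(m.group(1)), int(m.group(2)))
    sub, suffix = int(m.group(3) or 0), m.group(4)
    if branch not in FIXED or "-rc" in suffix:
        # Branch not in the page's list, or a pre-release build: the version
        # number alone says nothing, so defer to the vendor advisory.
        return "check-vendor"
    if sub >= FIXED[branch]:
        return "patched-upstream"
    if sub == 0 and suffix:
        # Ubuntu/Debian-style ABI strings (5.15.0-91-generic) pin the third
        # field to 0, which hides the real stable sublevel.
        return "check-vendor"
    # Below the fixed upstream release; a vendor backport may still apply.
    return "below-fixed-release"

def triage(inventory):
    """Return {status: [hosts]} for a {host: uname -r output} inventory."""
    out = {}
    for host, release in sorted(inventory.items()):
        out.setdefault(classify(release), []).append(host)
    return out

# Constructed sample inventory: hostnames and release strings are made up.
SAMPLE = {
    "ci-runner-1": "5.15.0-91-generic",
    "db-1": "6.1.0-18-amd64",
    "web-1": "6.1.66-91.160.amzn2023.x86_64",
    "build-1": "6.4.0-150600.23.17-default",
    "edge-1": "6.6.137",
    "old-1": "5.10.253",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:20} {', '.join(hosts)}")
```

Hosts that land in `check-vendor` need the distribution's package version and security advisory, because distro kernels carry backported fixes that the upstream-style number does not reflect.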