Share
## https://sploitus.com/exploit?id=34FF09E4-1C45-5B5D-8CA0-ED611315DE38
# CopyFail: CVE-2026-31431

Python implementation of [copy.fail](https://copy.fail). Overwrites the page cache of a setuid-root binary via AF_ALG + splice to get root. No race, no offsets  works on any Linux distro since 2017.

## Requirements

- Python 3.6+ (3.12+ uses `os.splice` natively; older versions fall back to ctypes)
- Linux kernel with `authencesn(hmac(sha256),cbc(aes))` if missing: `modprobe authencesn hmac cbc`

## Architectures

`x86_64` `i386/i686` `armv6l/armv7l` `aarch64`

## Usage

```bash
python3 copyfail.py           # run exploit
python3 copyfail.py --check   # pre-flight diagnostics
python3 copyfail.py --scan    # find setuid-root binaries on this system
```

## References

- [copy.fail](https://copy.fail)
- [theori-io/copy-fail-CVE-2026-31431](https://github.com/theori-io/copy-fail-CVE-2026-31431)