## https://sploitus.com/exploit?id=AC829525-21FD-578C-AED2-FF1304EE20C7
# Copy-Fail CVE-2026-31431 Static Go PoC
This repository contains a Go port of the public Python proof of concept from
[`theori-io/copy-fail-CVE-2026-31431`](https://github.com/theori-io/copy-fail-CVE-2026-31431).
The program is Linux-only. It uses the Linux `AF_ALG` interface, AEAD control
messages, and `splice(2)` to preserve the behavior of the original PoC while
building as a small static Go binary.
## Supported Targets
Release builds are generated for:
- `linux/amd64`
- `linux/arm64`
- `linux/386`
macOS and Windows builds are intentionally not published because the PoC depends
on Linux-specific kernel interfaces.
## Download
Tagged releases publish compressed static binaries and a checksum manifest:
- `copy-fail-poc-linux-amd64.tar.gz`
- `copy-fail-poc-linux-arm64.tar.gz`
- `copy-fail-poc-linux-386.tar.gz`
- `SHA256SUMS`
Verify a downloaded artifact with:
```sh
sha256sum -c SHA256SUMS
```
## Build Locally
Requirements:
- Go 1.25 or newer
- Linux target support from the Go toolchain
Build the current host architecture:
```sh
CGO_ENABLED=0 go build -trimpath -ldflags='-s -w -buildid=' -o copy-fail-poc ./cmd/copy-fail-poc
```
Cross-build a Linux target:
```sh
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -trimpath -ldflags='-s -w -buildid=' -o copy-fail-poc-linux-amd64 ./cmd/copy-fail-poc
```
Run tests:
```sh
go test ./...
go vet ./...
```
The tests only cover non-destructive helper logic. They do not execute the PoC
trigger path.
## Usage
Run the binary on a Linux system that you own or are explicitly authorized to
test:
```sh
./copy-fail-poc
```
The behavior depends on the target kernel and local system configuration. The
binary does not guarantee successful exploitation on every Linux system.
## Release Process
The GitHub Actions workflow runs on tags matching `v*` and can also be started
manually from the Actions tab.
Create a release:
```sh
git tag v0.1.0
git push origin v0.1.0
```
For tag builds, the workflow creates a GitHub Release and uploads the Linux
artifacts plus `SHA256SUMS`. For manual runs, artifacts are available from the
workflow run.
## Security Notice
This project is provided for authorized security research, defensive validation,
and educational review only. Do not run it on systems you do not own or do not
have explicit permission to test. You are responsible for complying with all
applicable laws, contracts, and policies.
## Credits
- Original PoC: [`theori-io/copy-fail-CVE-2026-31431`](https://github.com/theori-io/copy-fail-CVE-2026-31431)