## https://sploitus.com/exploit?id=D98D126C-CD0E-5C31-8484-9527EE974E28
# CVE-2026-31431 โ Copy Fail
**Severity:** Critical
**CVSS v3.1:** 9.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
**Status:** Public Exploit Available
---
## Summary
CVE-2026-31431 ("Copy Fail") is a local privilege escalation vulnerability in the Linux kernel cryptographic subsystem.
Any unprivileged user can escalate to **root within seconds** using a minimal Python script (~732 bytes), affecting most Linux systems compiled after 2017.
---
## Impact
- Full system compromise (root access)
- Cross-container / cross-tenant breakout
- No disk artifacts (memory-resident execution)
- Difficult to detect using FIM/SIEM
---
## Affected Systems
- Linux kernel builds including `CONFIG_CRYPTO_USER_API_AEAD`
- Most distributions compiled after 2017
---
## Mitigation
๐ See: [docs/mitigation.md](docs/mitigation.md)
---
## Technical Details
๐ See: [docs/technical-analysis.md](docs/technical-analysis.md)
---
## Detection
๐ See: [ioc/detection-rules.md](ioc/detection-rules.md)
---
## References
- copy.fail
- Sysdig TRT
- Bugcrowd
- CloudLinux Security Blog
---
## Disclaimer
Do not run exploit code in production systems.