Monday, July 6, 2026 | Jonathan Brown
Estimated reading time: 15–18 min

CVE-2026-31431, known as Copy Fail, is the kind of vulnerability that looks smaller on paper than it is in real infrastructure. It is not a remote pre-authentication exploit against a firewall, VPN, or web appliance. It does not let an unauthenticated attacker connect from the internet and immediately seize a Linux server. It is a local privilege-escalation flaw. That means an attacker needs some way to execute code locally first.

That caveat is real. It also should not be comforting.

Modern server compromise is rarely a single-step story. Attackers often begin with a webshell, stolen SSH credential, abused CI runner, exposed application RCE, compromised container, misused service account, or developer-system foothold. Once they have low-privileged execution on a Linux host, the next question is simple: can they become root?

Copy Fail matters because the answer may be yes.

The vulnerability affects the Linux kernel’s algif_aead component, part of the kernel’s userspace cryptographic API exposed through AF_ALG sockets. CERT-EU describes CVE-2026-31431 as a CVSS 7.8 local privilege-escalation flaw in algif_aead, the AEAD socket interface of the Linux kernel’s userspace crypto API. The flaw originates in an in-place optimization introduced in 2017 that allowed page-cache pages to be placed into a writable destination scatterlist.

That description is dry, but the operational result is not: a local unprivileged user can escalate to root. Red Hat describes the issue as a flaw in the Linux kernel’s algif_aead interface that allows a user with a local account to gain root privileges. Microsoft’s security research team likewise describes Copy Fail as a high-severity Linux vulnerability enabling root privilege escalation across cloud environments.

This is not merely an advisory-board curiosity. CISA added CVE-2026-31431 to the Known Exploited Vulnerabilities catalog on May 1, 2026, citing observed exploitation and assigning a May 15, 2026 remediation deadline for federal civilian executive branch agencies under BOD 22-01. By July 6, that deadline is already seven weeks past. Any organization still treating Copy Fail as a fresh research item is behind the threat timeline.

For defenders, the point is not merely that another kernel CVE exists. The point is that this is a post-compromise accelerator across a very broad class of Linux infrastructure.

A bug that turns “application user,” “container user,” “CI job,” or “low-privileged shell” into root is not a low-priority concern just because it is local. In modern infrastructure, local execution is often the first thing attackers obtain after breaching the perimeter. Copy Fail is dangerous because it can convert that limited foothold into control of the host.

What Changed---

Copy Fail became an emergency remediation issue because several factors converged at once.

First, the vulnerability affects a core Linux kernel path rather than a narrow third-party application. It sits in the kernel crypto interface, specifically the algif_aead module and the AF_ALG userspace crypto API.

Second, this is not limited to one obscure distribution build. Microsoft reports that the flaw affects multiple major Linux distributions, including Red Hat, SUSE, Ubuntu, AWS Linux, Debian, Fedora, Arch Linux, and others, depending on kernel version and patch status. Ubuntu states that the issue affects Ubuntu releases before Resolute 26.04 and assigns it CVSS 7.8 / High severity. CERT-EU likewise rates it as high severity.

Third, public proof-of-concept code exists. That changes the defender calculus. A local privilege-escalation vulnerability with a reliable public exploit is not equivalent to a theoretical kernel bug buried in a vendor advisory. Once exploit code is public, attackers do not need to reverse-engineer the patch or rediscover the bug. They can test it, wrap it into post-exploitation workflows, and use it wherever initial access already exists.

Fourth, the exploitation status is no longer speculative. CISA KEV means observed exploitation. Microsoft’s May 1 analysis also says Microsoft Defender was seeing preliminary testing activity and notes the KEV addition. In its vulnerability details, Microsoft describes successful exploitation as full root privilege escalation with possible container-breakout, multi-tenant compromise, and lateral-movement implications in shared environments.

That combination is what makes Copy Fail operationally serious: broad Linux reach, public exploit availability, root-level outcome, cloud/Kubernetes relevance, and confirmed exploitation tracking.

The Core Technical Issue---

The Linux kernel exposes cryptographic functionality to userspace through AF_ALG, a socket-based interface. Applications can use this interface to access kernel crypto primitives. algif_aead is the AEAD side of that interface: authenticated encryption with associated data.

Copy Fail is rooted in how data is copied, mapped, and written during certain crypto operations. The vulnerability traces back to an optimization introduced in 2017. That optimization attempted to operate “in place” rather than copying data out-of-place. In normal engineering terms, that sounds sensible: avoid unnecessary copying and improve efficiency. In kernel security terms, it created dangerous complexity around which pages were writable, which pages came from source mappings, and how the kernel handled scatterlists.

Red Hat’s Bugzilla entry describes the kernel fix as reverting algif_aead to operating out-of-place, mostly reverting commit 72548b093ee3 except for associated-data copying. The entry states that there is no benefit in operating in-place in algif_aead because the source and destination come from different mappings, so the fix removes the complexity added for in-place operation.

That is the kind of fix language defenders should read carefully. It does not say “tighten one bounds check.” It says, in effect, the optimization itself created an unsafe design path. Removing the in-place behavior is the fix.

The exploit path abuses the interaction between the kernel crypto socket interface and zero-copy file handling so that data derived from a readable file can be reflected back into page-cache-backed memory that should not be writable by the attacker. That is the key defender concept: the attacker does not need ordinary write permission to the target file if the kernel can be manipulated into altering the in-memory page-cache copy.

Microsoft’s write-up explains the practical consequence: a local unprivileged attacker can corrupt the cache of a readable file, including setuid binaries, resulting in execution with root privileges. The on-disk file does not need to be modified. That matters for detection, because defenders may not find a changed binary on disk even if the in-memory version was temporarily corrupted during exploitation.

The vulnerability has drawn comparisons to the broader family of Linux page-cache bugs, including Dirty COW and Dirty Pipe. Those comparisons are useful for understanding the risk class, but Copy Fail is not merely a rerun of either earlier bug. The affected subsystem, trigger path, and fix are specific to the algif_aead / AF_ALG crypto interface.

Why “Local Only” Is Not a Safe Downgrade---

The phrase “local privilege escalation” often causes underreaction. Admins hear “local” and mentally translate it into “attacker already has an account,” then push it into normal patch cadence.

That is a mistake.

In real incidents, attackers frequently obtain low-privileged local execution long before they obtain durable control. A web application exploit may land as www-data, apache, nginx, tomcat, coldfusion, or another service account. A stolen SSH credential may belong to a developer, backup user, automation account, or contractor. A container compromise may begin inside a pod without root on the node. A CI runner compromise may execute as a build user. A file-transfer server breach may give access to a restricted account. A compromised monitoring or RMM script may run with more rights than intended but less than full root.

In all those cases, a local-root exploit can change the incident.

Without root, the attacker may be constrained. They may lack access to key files, credential stores, host-level network captures, kernel objects, container runtime sockets, sensitive logs, backup mounts, cloud metadata credentials, or other users’ data. With root, those limits often collapse.

This is why Copy Fail matters for server fleets. It is not the first door into the building. It is the master key an intruder may use once inside.

The “local only” caveat is especially weak in environments where local execution is normal. CI/CD systems are designed to execute untrusted or semi-trusted code. Shared hosting gives many users shell or application-level execution. Kubernetes clusters run arbitrary containers by design. Developer jump boxes, build servers, bastions, and admin workstations often hold access paths into more valuable infrastructure. In those environments, local code execution is not rare. It is the operating model.

The Sequel Already Happened: Dirty Frag and Fragnesia---

The most important update to the Copy Fail story is that it did not remain isolated.

Within weeks, researchers disclosed additional Linux local-root flaws in the same broad bug class: unsafe kernel handling that can corrupt page-cache-backed memory through in-place processing paths.

On May 8, 2026, Sysdig reported Dirty Frag, the paired vulnerabilities CVE-2026-43284 and CVE-2026-43500, disclosed by independent researcher Hyunwoo Kim. Dirty Frag affects Linux kernel paths involving IPsec ESP and RxRPC. Sysdig describes the pair as allowing an unprivileged local user to corrupt arbitrary page caches and pivot to root on many Linux distributions, with a working public proof of concept released the same day.

Dirty Frag is not identical to Copy Fail. It is a different path through the kernel. But strategically, it proves the same defender point: in-place processing shortcuts around shared memory and page-cache-backed data can become local-root primitives.

Then came Fragnesia, tracked as CVE-2026-46300. Tenable describes Fragnesia as a Linux kernel local privilege-escalation vulnerability in the XFRM ESP-in-TCP subsystem, publicly disclosed on May 13, 2026, with public PoC availability. Tenable states that Fragnesia belongs to the same vulnerability class as Dirty Frag because both achieve page-cache writes through the XFRM/ESP subsystem, but that Fragnesia is a distinct vulnerability requiring a separate patch.

This matters because the original Copy Fail thesis is no longer “this pattern might repeat.” It already did.

Copy Fail, Dirty Frag, and Fragnesia together show that Linux page-cache write primitives arising from unsafe in-place kernel processing are now a server-fleet risk class, not a one-off CVE. The exact subsystem may change: AF_ALG, ESP, RxRPC, ESP-in-TCP. The operational consequence is consistent: unprivileged local execution may become root on vulnerable kernels.

That should change how defenders triage these bugs. The right question is not only “Is CVE-2026-31431 patched?” It is also: “Which Linux hosts are exposed to this class of local-root kernel bugs, and how quickly can we patch or mitigate when the next variant appears?”

Kubernetes and Container Risk---

Copy Fail is particularly relevant to Kubernetes and containerized infrastructure because containers share the host kernel. A container is not a virtual machine. It is an isolated process tree using kernel features such as namespaces, cgroups, capabilities, seccomp, and LSM enforcement. The kernel remains the shared trust boundary.

That does not mean every pod can trivially exploit every kernel bug. Container runtime configuration, seccomp profiles, AppArmor or SELinux policy, capabilities, user namespaces, and module availability all matter. But the security model is still clear: if a workload can reach a vulnerable kernel path and exploit it, the blast radius may extend beyond the container.

Microsoft frames Copy Fail as a cloud-environment privilege-escalation issue, and specifically identifies container-breakout, multi-tenant compromise, and lateral movement as possible impact areas. That is the correct lens.

A compromised pod is supposed to be contained. If the attacker can escalate through the host kernel, the compromised pod can become a node problem. Once the node is compromised, the attacker may be able to access other pod data, inspect container runtime state, steal credentials, tamper with workloads, or move laterally through cluster trust relationships.

In Kubernetes, the priority order should be clear. Patch worker nodes that run untrusted, internet-facing, multi-tenant, or high-privilege workloads first. Patch nodes with privileged pods, hostPath mounts, access to container runtime sockets, CI workloads, or broad service-account access before low-risk single-purpose nodes. Control-plane nodes require careful vendor-specific handling, but they are high-value assets and should not be left behind.

Defenders should also avoid thinking of Copy Fail as only a kernel-patching issue. It is a test of container hardening. Seccomp, AppArmor or SELinux, least-privilege pod security, restricted capabilities, read-only filesystems where practical, and tight node-role separation all reduce the chance that a pod-level compromise becomes node-root compromise.

CI/CD Runners and Build Infrastructure---

CI/CD runners are one of the most important Copy Fail exposure classes.

A runner exists to execute code. Sometimes that code is trusted. Sometimes it is pull-request code. Sometimes it is code from forks, contractors, generated build steps, package scripts, or compromised dependencies. Build systems frequently handle secrets: signing keys, registry credentials, deployment tokens, SSH keys, cloud credentials, package-publishing tokens, and internal artifact access.

A local-root exploit on a CI runner can turn a build job into host compromise. From there, an attacker may steal secrets from environment variables, runner configuration, filesystem caches, Docker sockets, artifact stores, or mounted volumes. If runners are reused across jobs or projects, one compromised job can contaminate the build environment for others.

This is why Copy Fail and its related page-cache bug class should be prioritized on GitLab runners, GitHub self-hosted runners, Jenkins agents, Buildkite agents, TeamCity build nodes, internal package builders, container-build hosts, and any Linux system that runs automated jobs from code repositories.

The mitigation is not just “patch.” It is also architectural: ephemeral runners, strict job isolation, no long-lived secrets on shared runners, no privileged Docker socket exposure, narrow cloud roles, signed artifacts, and rapid rebuild of runner images after kernel updates. Copy Fail is a reminder that build infrastructure should be treated as production infrastructure, not as disposable plumbing.

Bastions, Jump Hosts, and Shared Linux Systems---

Bastions and jump hosts are another high-priority category. These systems often have many users, broad network reach, and access to administrative protocols. A low-privileged user on a bastion may not be allowed to read other users’ SSH agents, root-owned configuration, session logs, or privileged tools. Root changes that.

A local-root exploit on a bastion can expose SSH keys, agent sockets, command histories, credentials, internal hostnames, VPN configurations, and admin tooling. Even when MFA protects upstream access, bastions often contain enough operational context to help attackers move laterally.

Shared Linux systems have similar problems. University servers, research clusters, hosting platforms, developer boxes, data-science workstations, and lab infrastructure may have many local users. Local privilege escalation on these systems can become cross-user compromise.

Copy Fail does not need to be remotely exploitable to be serious on shared systems. The attacker already has the required local condition by design.

Detection and Hunting---

Detecting successful kernel local privilege escalation is difficult. Many incidents will not produce a clean “CVE-2026-31431 exploited” log event. Defenders should think in terms of surrounding behavior.

Look for sudden transitions from low-privileged service accounts to root activity. Review suspicious Python execution by web, CI, application, or container users. Investigate unexpected creation or modification of SUID-root files, anomalous root shells, changes to /etc/passwd, /etc/shadow, sudoers files, PAM configuration, SSH authorized keys, systemd units, cron jobs, and container runtime state.

On web servers, correlate possible initial-access events with later root activity. For example, if www-data, apache, nginx, tomcat, or a ColdFusion service account executed unusual scripts shortly before root-level persistence appeared, treat that as a possible escalation chain.

On Kubernetes nodes, review workload events, suspicious exec sessions, privileged pod creation, unusual hostPath mounts, container runtime socket access, and abnormal activity from pods that should have limited permissions. Node-level root compromise may be visible only indirectly through unexpected changes to kubelet state, container runtime data, host networking, or credential access.

On CI runners, inspect job logs, runner filesystem changes, unexpected privileged commands, artifact tampering, credential access, and any job that ran shortly before suspicious host-level changes. If exploit code was public at the time, assume attackers may have embedded it inside otherwise ordinary build steps.

Defenders should also review EDR telemetry for exploit-like behavior, but they should not rely exclusively on endpoint tools. Kernel-level privilege escalation can be brief. Attackers may use it only to spawn a root shell, modify a file, extract secrets, or install persistence, then remove obvious traces.

Mitigation and Remediation---

The primary remediation is straightforward: apply vendor kernel updates that fix CVE-2026-31431 and related page-cache local-root flaws where applicable.

That sounds simple until it meets production reality. Kernel patching usually requires rebooting. Rebooting clusters, database hosts, hypervisors, container nodes, CI runners, and bastions requires coordination. That is why priority matters.

Start with systems where local execution is likely and root impact is high:

Kubernetes and container worker nodes.
CI/CD runners and build hosts.
Bastions and jump hosts.
Shared shell or research systems.
Internet-facing Linux servers with application RCE exposure.
Hosting platforms and multi-tenant systems.
Hypervisors, virtualization hosts, and storage nodes where local users exist.
Servers running high-risk applications such as web stacks, file-transfer systems, RMM agents, monitoring agents, or exposed admin panels.

Where immediate patching is not possible, use vendor-supported mitigations. Some vendor guidance for this family includes disabling or blacklisting affected kernel modules, depending on the specific vulnerability and environment. Dirty Frag and Fragnesia mitigations, for example, may involve ESP/RxRPC-related modules, while Copy Fail centers on the algif_aead / AF_ALG path. Admins should follow distribution-specific instructions rather than applying generic internet commands, because kernel configuration, built-in modules, livepatch availability, and cloud-provider packaging differ.

Mitigations should be treated as temporary. Disabling a kernel module may break workloads that legitimately use that interface. Policy controls such as seccomp, AppArmor, SELinux, or container runtime restrictions may reduce exposure, but they are not a substitute for a fixed kernel unless the vendor explicitly says so for your environment.

After patching, verify. Kernel updates are easy to install but fail to activate until reboot. Confirm the running kernel version, not just the installed package version. In container fleets, verify node images and live node kernels. In Kubernetes, cordon and drain nodes properly, then confirm workloads rescheduled onto patched nodes. In CI environments, rebuild runner images and retire old nodes rather than leaving patched-but-unrebooted machines in rotation.

Incident Response Implications---

If a vulnerable host had suspicious local execution before patching, defenders should not assume patching ends the problem.

A local-root exploit can be used quickly and leave limited direct evidence. If attackers gained root before remediation, they may have added persistence, stolen credentials, modified logs, tampered with binaries, implanted SSH keys, created systemd services, accessed cloud credentials, or moved laterally.

For exposed Linux servers, reconstruct the chain. Ask:

Was there evidence of initial access?
Which account or process had local execution?
Could that account reach the vulnerable kernel interface?
Was the kernel still vulnerable during the intrusion window?
Was there a transition to root-level activity?
Were credentials, tokens, SSH keys, or cloud metadata accessible?
Did the host have access to other infrastructure?
Were containers, mounted volumes, or runtime sockets exposed?
Were CI secrets, deployment keys, or artifact-signing credentials present?

The key point is that Copy Fail changes compromise scope. An incident that might otherwise be limited to an application account may need to be treated as full host compromise if exploitation was plausible.

That has consequences for credential rotation. Root on a Linux server can mean access to local secrets, service credentials, environment files, container secrets, application configs, SSH keys, backup credentials, package registry tokens, and cloud instance metadata. Rotate based on what the host could access, not merely on what logs prove was accessed.

Strategic Significance---

Copy Fail is important beyond this one CVE because it illustrates a broader defender problem: post-compromise Linux privilege escalation is underweighted in many patch programs.

Organizations often prioritize only remote code execution, pre-authentication edge vulnerabilities, and CVSS 9+ appliance bugs. Those are obviously important. But attackers build chains. A medium or high local privilege-escalation bug can be the step that turns a contained application compromise into root, turns a compromised pod into a node compromise, or turns a CI job into a supply-chain incident.

Copy Fail also shows how old kernel optimizations can become modern cloud risk. A 2017 performance-oriented change in a kernel crypto path became a 2026 server-fleet problem because infrastructure evolved around shared kernels, containers, CI automation, and cloud-scale Linux deployment. The bug is local, but the deployment model is global.

Dirty Frag and Fragnesia make that point stronger. The story is no longer about one bad optimization in one kernel subsystem. It is about a repeating Linux vulnerability class where performance shortcuts, shared page-cache behavior, and in-place processing combine into local-root primitives. The practical implication is that defenders should expect more of these patterns, not fewer.

There is also a lesson about security tooling. File-integrity monitoring, EDR, runtime detection, and kernel telemetry can help, but they cannot replace timely kernel patching. A reliable local-root exploit compresses the attacker timeline. The escalation may happen in seconds. Detection often happens later, if at all.

Defender Priorities---

The correct response is not panic. It is disciplined prioritization.

Patch first where local execution is common and root impact is high. That means Kubernetes nodes, CI runners, bastions, shared systems, internet-facing Linux servers, and high-trust infrastructure hosts. Confirm running kernels after reboot. Apply vendor mitigations only as temporary controls. Harden containers and runners so future kernel local-privilege-escalation bugs have fewer paths to exploitation. Hunt for privilege-escalation behavior on vulnerable hosts that had suspicious local execution before remediation.

Security teams should also update incident-response playbooks. When investigating webshells, CI compromise, container breakout attempts, or stolen SSH credentials, check whether the host was vulnerable to Copy Fail, Dirty Frag, Fragnesia, or related page-cache local-root bugs during the intrusion window. If yes, raise the severity of the investigation. Treat “low-privileged shell only” as an assumption requiring proof, not a conclusion.

BCG Assessment


Copy Fail teaches a durable lesson: “local” does not mean “low impact” in modern Linux infrastructure.

For a single locked-down server with no untrusted local execution and no evidence of compromise, CVE-2026-31431 may be a kernel patching task. For Kubernetes nodes, CI runners, bastions, shared systems, web servers, and cloud Linux fleets, it is more serious. It is the kind of bug attackers use after they are already inside, while the defender is still hoping the compromise is contained.

This is no longer an April/May research curiosity. Copy Fail is KEV-listed, the federal remediation deadline has passed, public PoC code exists, and the same page-cache local-root pattern has already repeated through Dirty Frag and Fragnesia. That moves the issue from “patch this CVE” to “treat Linux local-root page-cache bugs as an infrastructure risk class.”

The practical defender message is simple: patch the kernel, verify the running version, prioritize hosts where local execution is realistic, and treat suspicious pre-patch activity as potential full-host compromise. Copy Fail does not replace the need to fix edge systems like SharePoint, NetScaler, VPNs, or RMM platforms. It explains what happens after one of those systems gives an attacker a foothold.

That is why this bug matters. It is not the front door. It is the stairwell to root.

Sources Referenced


CISA / NVD — CVE-2026-31431
National Vulnerability Database entry for CVE-2026-31431, including CISA KEV metadata, date added, due date, severity, and vulnerability description.

Microsoft Security Blog — “CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments”
Microsoft Security research article published May 1, 2026, covering Copy Fail exploitation mechanics, affected Linux cloud environments, container implications, and observed activity.

Red Hat Bugzilla — CVE-2026-31431
Red Hat Bugzilla record for CVE-2026-31431, including kernel fix discussion, algif_aead details, and the revert of the 2017 in-place optimization path.

Red Hat CVE Database — CVE-2026-31431
Red Hat CVE page for CVE-2026-31431, including severity, affected products, mitigation notes, and package status.

CERT-EU Security Advisory — CVE-2026-31431
CERT-EU advisory for Copy Fail describing the Linux kernel algif_aead / AEAD socket vulnerability, CVSS score, affected distributions, and remediation guidance.

Ubuntu Security / Ubuntu Discourse — “Fixes available for CVE-2026-31431 Copy Fail Linux kernel local privilege escalation vulnerability”
Ubuntu security discussion and remediation notice covering affected Ubuntu releases, fixed kernels, severity, and the Resolute 26.04 cutoff.

Sysdig Blog — “Dirty Frag: CVE-2026-43284 and CVE-2026-43500”
Sysdig research article on Dirty Frag, the follow-on Linux kernel local-root flaws in ESP and RxRPC-related paths, with detection and patching context.

Tenable Blog — “Fragnesia CVE-2026-46300 FAQ”
Tenable FAQ on Fragnesia, the XFRM ESP-in-TCP local privilege-escalation flaw related to the same broader page-cache corruption bug class.

Red Hat CVE Database — CVE-2026-46300
Red Hat CVE page for Fragnesia, including affected products, severity, mitigation status, and remediation details.

AlmaLinux Blog — “Dirty Frag patches and mitigation”
AlmaLinux advisory-style blog post covering Dirty Frag patch availability, affected kernels, and mitigation guidance for AlmaLinux systems.


Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.

If you would like to support our work — useful, well-researched, ad-free cybersecurity intelligence — subscribe, comment, or buy us a coffee! Thanks.