Linux "Copy Fail" Vulnerability
On March 23, a serious vulnerability in the Linux kernel was reported by the cybersecurity company Theori. They named the issue "Copy Fail" (CVE-2026-31431) and it received a CVSS score of 7.8. With the help of a tool developed by them called Xint Code and making use of AI, they analyzed large amounts of code and found the issue.
‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.
— International Cyber Digest (@IntCyberDigest) April 29, 2026
The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the… pic.twitter.com/wA4sAU6RcN
It is a logical error in the code that has been present for more than 8 years. It allowed a user inside a Linux server to obtain administrator privileges using a small Python script that does not even reach 1 MB in size. The attacker could gain complete access to any Linux distribution released after 2017.
More than 70% of the world's servers use Linux, including tech giants, data centers and cloud providers. This vulnerability had the potential to steal and leak data on a massive scale. Fortunately, the vulnerability was identified, updates are already available and there are guides on how to protect environments that use Linux as their OS.
Xint