CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-31431 to its KEV catalog, putting Federal Civilian Executive Branch (FCEB) agencies on notice to remediate an actively exploited Linux privilege-escalation flaw. The action matters because the bug can let an unprivileged local user gain root on affected systems. Agencies were told to apply fixes by May 15, 2026.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
H score23
First: 03.07.2026 22:40
Last: 03.07.2026 22:40
Sources 1
About this happening:
**Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
VulnerabilityAbout this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
Vulnerability
H score30
First: 26.06.2026 16:00
Last: 26.06.2026 16:00
Sources 1
About this happening:
A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
VulnerabilityAbout this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch Release
H score34
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch ReleaseAbout this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Timeline
-
03.05.2026 09:26 1 articles · 2mo ago
CISA adds CVE-2026-31431 to KEV catalog
Initial DisclosureCISA added CVE-2026-31431, a Linux kernel local privilege escalation flaw also tracked as Copy Fail, to the Known Exploited Vulnerabilities catalog after evidence of active exploitation in the wild.
Show sources
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV — thehackernews.com — 03.05.2026 09:26
-
03.05.2026 09:26 1 articles · 2mo ago
Researchers detail Copy Fail exploit mechanics and testing
Technical Analysis UpdateSecurity researchers described Copy Fail as a Linux kernel logic bug that can be triggered with a 732-byte Python-based exploit to corrupt the page cache and elevate a local user to root; Kaspersky said Go and Rust proof-of-concept variants were already in open-source repositories, and Microsoft Defender Security Research Team reported preliminary testing activity.
Show sources
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV — thehackernews.com — 03.05.2026 09:26
-
03.05.2026 09:26 2 articles · 2mo ago
FCEB remediation deadline set for May 15, 2026
Legal Policy Action UpdateFederal Civilian Executive Branch agencies were advised to apply fixes for CVE-2026-31431 by May 15, 2026 after impacted Linux distributions pushed updates; if patching was not immediate, organizations were told to disable the affected feature, isolate systems, and enforce access controls.
Show sources
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV — thehackernews.com — 03.05.2026 09:26
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems — www.bleepingcomputer.com — 04.05.2026 14:28