
CISA Adds "Copy Fail" Vulnerability to KEV Catalog Due to Active Exploitation
CISA has added CVE-2026-31431, dubbed "Copy Fail," to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation targeting Linux systems. The vulnerability allows a local unprivileged user to escalate privileges to root by exploiting a controlled memory write flaw in the kernel. No specific attack vectors, affected Linux distributions, or exploitation timelines are detailed beyond the active in-the-wild abuse. The advisory emphasizes the urgency of patching the kernel to mitigate the risk. The flaw’s inclusion in the KEV catalog signals its severity and confirmed exploitation.