An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions.

The vulnerability is tracked as CVE-2026–31431 and was discovered by the offensive security company Theori, using its AI-driven pentesting platform Xint Code after scaning the Linux crypto/ sybsystem for about an hour.

Theori reported the finding to the Linux kernel security team on March 23, and patches became available within a week. Technical details and a proof-of-concept exploit for the flaw emerged publicly yesterday.