The U.S. government has issued a warning regarding a severe security vulnerability, known as "CopyFail," that affects major versions of the Linux operating system. The Cybersecurity and Infrastructure Security Agency (CISA) reports that the bug is currently being used in active hacking campaigns.
Officially tracked as CVE-2026-31451, the vulnerability was discovered in Linux kernel versions 7.0 and earlier. Security researchers recently released exploit code that allows attackers to take complete control of vulnerable systems.
The Linux kernel security team received notice of the flaw in late March. Patches were issued approximately one week after the initial notification, but the fix has not yet reached all users.
TechCrunch reports that patches have yet to fully trickle down to many Linux distributions that rely on the vulnerable kernel. This delay leaves many systems exposed to complete compromise.
The flaw poses a massive risk to the global infrastructure powering datacenters and enterprise computing. The CopyFail website claims that a single short Python script "roots every Linux distribution shipped since 2017."
Security firm Theori, which discovered the vulnerability, verified the bug in several high-profile distributions. Affected versions include Red Hat Enterprise Linux 10.1, Ubuntu 24.04 (LTS), Amazon Linux 2023, and SUSE 16.
Because Linux remains the backbone of much of the world's server environments, the delay in distribution-level updates leaves critical infrastructure at risk.