Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
[POC] CVE-2026-31431 — page_inject
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
[POC] CVE-2026-31431 — vcheck
Vulnerability detection and mitigation tool for Copy Fail and Dirty Frag bugs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)
[POC] CVE-2026-31431 — ansible-mitigate-copyfail-dirtyfrag
Simple Ansible Playbook to mitigate against CopyFail (CVE-2026-31431) and DirtyFrag (CVE-2026-43284) vulnerabilities.
[POC] CVE-2026-31431 — cve-2026-31431-copyfail
CVE-2026-31431 Copy Fail - LPE no kernel Linux
[POC] CVE-2026-31431 — copyfail-exploit
Copy Fail (CVE-2026-31431) LPE exploit. A clean, multi-arch Python reimplementation targeting the Linux kernel AF_ALG page cache vulnerability.
[POC] CVE-2026-31431 — copy-fail-CVE-2026-31431-detection-probe
Safe detection tooling for CVE-2026-31431 "Copy Fail" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.
[POC] CVE-2026-31431 — copyfail-safe-check
A safe read-only Linux check for CVE-2026-31431 / Copy Fail without running exploit code.
[POC] CVE-2026-31431 — Copyfail-sh
A Bash implementation of copyfail (CVE-2026-31431)
[POC] CVE-2026-31431 — copyfail-fix
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
[POC] CVE-2026-31431 — CopyFile_CVE-2026-31431
Exploit for CVE-2026-31431 (Copy Fail)
PoC: CVE-2026-31431-check
Read-only checker for CVE-2026-31431 (algif_aead local root). Reports kernel/module state and suggests mitigations.
PoC: copyfail
Copy Fail (CVE-2026-31431) is a logic flaw in the Linux kernel's algif_aead module — part of the AF_ALG userspace crypto API. It was disclosed on April 29, 2026 by Theori / Xint Code.
PoC: deny-af-alg-bpf
BPF prog to fix CVE-2026-31431
PoC: copy-fail-CVE-2026-31431-pythonlower3.10
python3.10以下没有os.splice,搞了一个3.10以下版本也可以用的
PoC: CVE_kernellinux_jsh
Framework modular Bash para auditar CVE-2026-31431 (CopyFail) y CVEs relacionados del kernel Linux en distros RPM-based (AlmaLinux, Rocky, CentOS Stream 8/9/10)
PoC: CVE-2026-31431-mitigacion
Explicación de la vulnerabilidad y cómo mitigarla
PoC: rootpacket-cve-2026-31431
CVE-2026-31431 getroot.c from a Turkish Malware
PoC: copy-fail-CVE-2026-31431
Exploit for Copy-Fail Vulnerability - Python3 Version
PoC: CopyFail
go CVE-2026-31431 (CopyFail) local privilege escalation exploit
PoC: CVE-2026-31431
aarch64 and x64 python POC
PoC: copy_fail
copy_fail:CVE-2026-31431
PoC: copyfail-checker
CVE-2026-31431 / Copy Fail Linux kernel vulnerability checker - algif_aead attack path detection
PoC: copy-fail-python
Portable Python PoC for CVE-2026-31431 (Copy Fail)
PoC: waltrone1-copyfail-safe-check
A safe read-only Linux check by WALTRONE for Copy Fail / CVE-2026-31431 without running exploit code.
PoC: copyfail-alpine
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
PoC: CVE-2026-31431-Copy-Fail---Minified-LPE-PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
PoC: ptrace_may_dream
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
PoC: cve-2026-31431-checker
Shell scanner for CVE-2026-31431 "Copy Fail" — a local privilege escalation via Linux kernel page cache corruption (algif_aead/AF_ALG). Checks kernel version, patch status, module state, setuid exposure and mitigations. Supports Debian 11–13 and Ubuntu 20.04–25.10. CI/CD-ready (exit codes + JSON output).
PoC: cve-2026-31431-mitigation
Detection and mitigation tooling for CVE-2026-31431 (Copy Fail) on Linux kernels. Includes Phalanx-CCS and Silent4Labs scripts plus an Ansible playbook to apply temporary mitigation (block algif_aead module or boot parameter) across servers.
PoC: CVE-2026-31431
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
PoC: CVE-2026-31431-CopyFail
A repository that stores artifacts, exploit scripts for the writeup at https://4xura.com , targeting the Linux LPE named "Copy Fail"
PoC: asm-copyfail
CVE-2026-31431 (Copy Fail) — Análisis y desarrollo en Ensamblador x86-64 | Analysis and development in x86-64 Assembly
PoC: CVE-2026-31431-Metasploit-exploit
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
PoC: ProyectoFinalSO
Estudio del bug CVE-2026-31431
PoC: cve-2026-31431
copy fail
PoC: CopyFail
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
PoC: cve-2026-31431
Analísis - POC - Mitigación
PoC: copy-fail-CVE-2026-31431
copy-fail-CVE-2026-31431
PoC: Copy-Fail-CVE-2026-31431-Lab
Reproduced the fileless LPE CVE‑2026‑31431 (“Copy Fail”) on Kali Linux, then built auditd, Sigma & YARA detections to catch this stealthy kernel exploit that leaves no disk footprint.
PoC: SplicePrivillegeEscalationFIX
this little script blocks the new splice-ram-privlilleg ecalation fastly befor the contributers do it ( CVE-2026-31431) (CopyFail fix)
PoC: CVE-2026-31431
oen liner CVE-2026-31431 test. Created 'sandbox' on sudo user and tests if ir can escape to root
PoC: CVE-2026-31431
A CVE-2026-31431 implementation in c++ and inline assembly dependency free
PoC: copyfail
Copy Fail (CVE-2026-31431)
PoC: CVE-2026-31431-Analysis
Relatório de Análise Técnica: Exploração de Falha de Isolamento no Kernel Linux (CVE-2026-31431)
PoC: CVE-2026-31431-CopyFail-Lab
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
PoC: CVE-2026-31431
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
PoC: CVE-2026-31431
Educational Proof of Concept for CVE-2026-31431 / Copy Fail Linux local privilege escalation via AF_ALG algif_aead
PoC: copyfail2_electric_boogaloo_fix
A temporary mitigation against copy_fail variant (copyfail2_electric_boogaloo) - Unprivileged Linux LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path. Page-cache write into any readable file. Overwrites a nologin line in /etc/passwd with sick::0:0:…:/:/bin/bash and sus into it. Same class as Copy Fail (CVE-2026-31431), different subsystem.
PoC: Copy_Grail
Elegant C++ exploit for CVE-2026-31431 (Copy Fail) using AF_ALG authenticated encryption + splice(2) to overwrite setuid binary memory
PoC: copy_fail_mitigation
This script will attempt to mitigate the copy_fail attack. CVE-2026-31431
PoC: CVE-2026-31431-Verificador-Exploit
Linux Kernel Local Privilege Escalation
PoC: MitigationToolkit-ROSN-LR5-Full
Kernel LPE PoC & Mitigation Toolkit - ROSN-LR5-Full (CVE-2026-31431)
PoC: DIRTYFAIL
Detector + PoC for Linux page-cache write vulnerabilities: Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284/43500). Authorized security research only.
PoC: pagecache-guard
Runtime integrity guard that detects and blocks Linux page cache tampering attacks (Copy Fail CVE-2026-31431, Dirty Pipe, Dirty COW) at execution time. Uses fanotify + O_DIRECT to protect SUID/SGID binaries from privilege escalation via page cache corruption.
PoC: Copy-Fail
CVE-2026-31431 ("Copy Fail") vulnerability detector & exploit
PoC: c-copy-fail
CVE-2026-31431 in C for aarch64 and amd64
PoC: copyfail2-py
One-liner Python LPE for CVE-2026-31431 (CopyFail2). No compilation, no dependencies beyond Python+OpenSSL. Just curl | python3 and get root on Linux 6.5+.
PoC: copy-fail-mitigation-with-bpftrace
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
PoC: cve-2026-31431
Esse documento descreve o Exploit publico em python
PoC: CVE-2026-31431
CVE-2026-31431检测和测试
PoC: CVE-2026-31431-Copy-Fail-add-arm64
CVE-2026-31431 漏洞利用python脚本,支持arm64,x86架构
PoC: Copy-fail-CVE-2026-31431-Exploit-in-C
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
PoC: cve-2026-31431-copy-fail
CVE-2026-31431 Copy Fail
PoC: CVE-2026-31431-live-code-corruption
CVE-2026-31431 (Copy Fail) novel exploit: live code corruption via page cache. Overwrites libc exit() code through MAP_PRIVATE page sharing — affects ALL running processes.
PoC: Estudo-de-Caso-CVE-2026-31431-CopyFail
🔐 Estudo de caso completo do CVE-2026-31431 (CopyFail) — vulnerabilidade crítica de escalada de privilégio no kernel Linux. Inclui análise técnica, scripts de verificação, hardening e playbook de resposta a incidentes. Fins educacionais.
PoC: CVE-2026-31431
"Copy Fail"
PoC: CVE-2026-31431-Copy-Fail-Container-Escape
Container escape on any docker container with healthcheck enabled via CVE-2026-31431
PoC: cve-2026-31431-ftrace
mitigation of cve-2026-31431 using ftrace
PoC: XCP_ng_CVE-2026-31431_tester
Test XCP_ng 8.3 for CVE-2026-31431Vulnerability
PoC: CVE-2026-31431-Copy-Fail---Advanced-LPE-Proof-of-Concept---C-Rewrite
Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system.
PoC: CVE-2026-31431-Linux-Copy-Fail
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
PoC: CVE-2026-31431
Logic bug in the kernel's authencesn cryptographic template that escalate privilege
PoC: CVE-2026-31431-Check
CVE-2026-31431 Copy Fail Linux kernel vulnerability detection script
PoC: copyfail-c
C implementation for researching Copy Fail (CVE-2026-31431)
PoC: copy-fail
Tutorial Completo: Como Proteger seu contra a Vulnerabilidade CopyFail (CVE-2026-31431)
PoC: CVE-2026-31431-Copy-Fail
My C rewrite of the Copy Fail exploit
PoC: GhostShell
CVE-2026-31431 — Local Privilege Escalation via Linux Kernel Page Cache Corruption
PoC: ubuntu-cve-2026-31431-mitigation
دستورالعملهای کاهش ریسک و بهروزرسانی برای CVE-2026-31431 در سیستمهای اوبونتو، شامل مراحل ارتقاء کرنل و kmod.
PoC: CVE-2026-31431
https://devtint.github.io/CVE-2026-31431
PoC: CVE-2026-31431-copy-fail
32-byte Python script roots every Linux distribution
PoC: CVE-2026-31431-detection-defense
CVE-2026-31431: Detection & Defense Against io_uring Bypass of Existing Detection
PoC: afalg-check
Утилита для Linux, которая проверяет доступность `AF_ALG`/`algif_aead` и помогает оценить риск по `CVE-2026-31431`.
PoC: CVE-2026-31431-CopyFail-static-ELF--POC
587-byte x86_64 LPE for CVE-2026-31431
PoC: CVE-2026-31431-Copy-Fail
CVE-2026-31431 Exploit | by infrar3d
PoC: Copy-Fail---CVE-2026-31431
Script Python pour verifier si un systeme Linux est vulnerable a la faille CVE-2026-31431 (Copy Fail), une elevation de privileges locale dans le noyau Linux.
PoC: copyfail-arm64
Analysis and ARM64 reproduction of Copy Fail (CVE-2026-31431)
PoC: mitigate-copy-fail.yml
Mitigates CVE-2026-31431 (Copy Fail) by unloading and blacklisting algif_aead kernel module if it is loadable and has no active references.
PoC: copyfail-rs
Exploit and detect CVE-2026-31431 vulnerabilities using a static binary that monitors system integrity and bypasses PAM authentication.
PoC: check-copyfail-cve-2026-31431
It’s a read-only Linux risk assessment script for CVE-2026-31431 ("Copy Fail").
PoC: check-copyfail-cve-2026-31431
Read-only Linux Bash script to assess host exposure to CVE-2026-31431 (Copy Fail).
PoC: CVE-2026-31431
PoC for CVE-2026-31431 (Copy Fail)
PoC: CVE-2026-31431
Linux Privilege Escalation | AF_ALG Crypto Abuse → Exploiting AEAD socket handling (CVE-2026-31431) to gain root via kernel-level manipulation
PoC: Mitigaciones
Mitigacion del CVE-2026-31431 BASH
PoC: cve-2026-31431
CVE-2026-31431 Copy Fail: Linux kernel algif_aead LPE — research, detection tooling, YARA rules, and patching guide
PoC: CVE-2026-31431_Kernel_Checker
checking if kernel is VULNERABLE
PoC: RK35xx-CopyFail-Hotfix
RK35xx CopyFail Hotfix: CVE-2026-31431 Patch for Ubuntu 24.04
PoC: copy-fail-CVE-2026-31431-shell
PoC shell exploit for CVE-2026-31431 (copy_fail) — Linux LPE via AF_ALG + splice page-cache overwrite. Single-shot, no race condition, kernel 4.9–6.18.
PoC: copy-fail-checker
Read-only Bash checker for the Copy Fail Linux kernel vulnerability (CVE-2026-31431)
PoC: CopyFail-Penguin
A safe Linux checker for CopyFail/CVE-2026-31431 that reviews kernel version, update status, reboot status, and algif_aead exposure indicators.
PoC: BigFix-CopyFail-AlmaLinux-Content
This repository contains BigFix Content that I created for identifying the AlmaLinux systems that require patching to remediate CVE-2026-31431
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free