Exploits

Linux Privilege Escalation | AF_ALG Crypto Abuse → Exploiting AEAD socket handling (CVE-2026-31431) to gain root via kernel-level manipulation

Explicación de la vulnerabilidad y cómo mitigarla

cPanel-WHM-CVE-2026-41940-AuthBypass

Mitigacion del CVE-2026-31431 BASH

CVE-2026-41940: detect and exploit cpanel vuln

This repository contains a Python verification script for `CVE-2026-41940`, a critical authentication bypass vulnerability disclosed in cPanel & WHM. > This project is intended for authorized defensive validation only. It is not intended for exploit development, unauthorized access, or misuse against systems you do not own or administer.

Sorry ransomware (.sorry) IOCs, YARA rules and forensic analysis - CVE-2026-41940 cPanel campaign

CVE-2026-41940 — cPanel & WHM Authentication Bypass via Session-File CRLF Injection

Copy Fail (CVE-2026-31431) LPE exploit. A clean, multi-arch Python reimplementation targeting the Linux kernel AF_ALG page cache vulnerability.

CVE-2026-31431 Copy Fail: Linux kernel algif_aead LPE — research, detection tooling, YARA rules, and patching guide

checking if kernel is VULNERABLE

RK35xx CopyFail Hotfix: CVE-2026-31431 Patch for Ubuntu 24.04

PoC shell exploit for CVE-2026-31431 (copy_fail) — Linux LPE via AF_ALG + splice page-cache overwrite. Single-shot, no race condition, kernel 4.9–6.18.

Safe detection tooling for CVE-2026-31431 "Copy Fail" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.

Read-only Bash checker for the Copy Fail Linux kernel vulnerability (CVE-2026-31431)

A safe Linux checker for CopyFail/CVE-2026-31431 that reviews kernel version, update status, reboot status, and algif_aead exposure indicators.

This repository contains BigFix Content that I created for identifying the AlmaLinux systems that require patching to remediate CVE-2026-31431

cPanel/WHM Authentication Bypass Proof of Concept — CVE-2026-41940

Audit and incident response tool for CVE-2026-41940 vulnerability