Scoopfeeds — Intelligent news, curated.
Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

Wired · May 1, 2026, 8:30 PM · Also reported by 1 other source

Key takeaways

  • The vulnerability and the code that exploits it were released Wednesday evening by researchers from security firm Theori, five weeks after they privately disclosed it to the Linux kernel security team.
  • The critical flaw, tracked as CVE-2026-31431 and named CopyFail, is a local privilege escalation, a vulnerability class that allows unprivileged users to elevate themselves to administrators.
  • From there they can read every file, install backdoors, watch every process, and pivot to other systems.


Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices.

The vulnerability and the code that exploits it were released Wednesday evening by researchers from security firm Theori, five weeks after they privately disclosed it to the Linux kernel security team. The team patched the vulnerability in versions 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254, but few of the Linux distributions had incorporated those fixes at the time the exploit was released.

The critical flaw, tracked as CVE-2026-31431 and named CopyFail, is a local privilege escalation, a vulnerability class that allows unprivileged users to elevate themselves to administrators. CopyFail is particularly severe because it can be exploited with a single piece of exploit code—released in Wednesday’s disclosure—that works across all vulnerable distributions with no modification. With that, an attacker can, among other things, hack multi-tenant systems, break out of containers based on Kubernetes or other frameworks, and create malicious pull requests that pipe the exploit code through CI/CD workflows.

Article preview — originally published by Wired. Full story at the source.