CVE-2026-31431

HIGH CISA KEV

Published Apr 22, 2026 Modified May 12, 2026 CWE-669

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Prediction

0.0257

Probability of exploitation

0.86%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: May 1, 2026 Remediation due: May 15, 2026

Weakness Type (CWE)

CWE-669 CWE-669

Affected Products

Vendor	Product	Versions
linux	linux_kernel	4.14 — 5.10.254
linux	linux_kernel	5.11 — 5.15.204
linux	linux_kernel	5.16 — 6.1.170
linux	linux_kernel	6.2 — 6.6.137
linux	linux_kernel	6.7 — 6.12.85
linux	linux_kernel	6.13 — 6.18.22
linux	linux_kernel	6.19 — 6.19.12
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
redhat	openshift_container_platform	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All
redhat	enterprise_linux	All
amazon	amazon_linux	All
canonical	ubuntu_linux	All
debian	debian_linux	All
debian	debian_linux	All
debian	debian_linux	All
opensuse	leap	All
opensuse	leap	All
opensuse	leap	All
opensuse	leap	All
suse	caas_platform	All
suse	enterprise_storage	All
suse	enterprise_storage	All
suse	enterprise_storage	All
suse	manager_proxy	All
suse	manager_proxy	All
suse	manager_proxy	All
suse	manager_proxy	All
suse	manager_retail_branch_server	All
suse	manager_retail_branch_server	All
suse	manager_retail_branch_server	All
suse	manager_retail_branch_server	All
suse	manager_server	All
suse	manager_server	All
suse	manager_server	All
suse	manager_server	All
suse	openstack_cloud	All
suse	openstack_cloud_crowbar	All
suse	basesystem_module	All
suse	basesystem_module	All
suse	basesystem_module	All
suse	basesystem_module	All
suse	basesystem_module	All
suse	basesystem_module	All
suse	basesystem_module	All
suse	development_tools_module	All
suse	development_tools_module	All
suse	development_tools_module	All
suse	development_tools_module	All
suse	development_tools_module	All
suse	development_tools_module	All
suse	development_tools_module	All
suse	legacy_module	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_desktop	All
suse	linux_enterprise_high_availability_extension	All
suse	linux_enterprise_high_availability_extension	All
suse	linux_enterprise_high_availability_extension	All
suse	linux_enterprise_high_availability_extension	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_high_performance_computing	All
suse	linux_enterprise_live_patching	All
suse	linux_enterprise_live_patching	All
suse	linux_enterprise_live_patching	All
suse	linux_enterprise_live_patching	All
suse	linux_enterprise_live_patching	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_micro	All
suse	linux_enterprise_real_time	All
suse	linux_enterprise_real_time	All
suse	linux_enterprise_real_time	All
suse	linux_enterprise_real_time	All
suse	linux_enterprise_real_time	All
suse	linux_enterprise_real_time	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_server	All
suse	linux_enterprise_workstation_extension	All
suse	linux_micro	All
suse	linux_micro	All
suse	linux_micro	All
suse	public_cloud_module	All
suse	public_cloud_module	All
suse	realtime_module	All
suse	realtime_module	All
suse	realtime_module	All
suse	realtime_module	All
suse	realtime_module	All
nixos	nixos	< 25.11
arista	cloudvision_agni	2024.4.0 — 2025.2.2
arista	cloudvision_portal	2024.2.0 — 2026.1.0
arista	velocloud_edge	4.5.0 — 6.4.1
arista	velocloud_gateway	All
vmware	velocloud_orchestrator	All
arista	netvisor_os	< 7.1.0
arista	netvisor_os	All
arista	netvisor_os	All
siemens	simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware	>= 3.1.5
siemens	simatic_s7-1500_cpu_1518-4_pn\/dp_mfp	All
siemens	simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware	>= 3.1.5
siemens	simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp	All
siemens	siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware	>= 3.1.5
siemens	siplus_s7-1500_cpu_1518-4_pn\/dp_mfp	All
siemens	simatic_s7-1500_tm_mfp_firmware	< 1.1
siemens	simatic_s7-1500_tm_mfp	All

References

Advisories & Patches

Exploits

http://www.openwall.com/lists/oss-security/2026/04/29/23 http://www.openwall.com/lists/oss-security/2026/04/29/26 http://www.openwall.com/lists/oss-security/2026/04/30/18 http://www.openwall.com/lists/oss-security/2026/04/30/5 https://copy.fail https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170 https://github.com/theori-io/copy-fail-CVE-2026-31431 https://xint.io/blog/copy-fail-linux-distributions#the-fix-6

Other References

Frequently Asked Questions

What is CVE-2026-31431? +

How severe is CVE-2026-31431? +

CVE-2026-31431 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching. The EPSS score is 0.0257, placing it in the 1th percentile for exploitation probability.

What products are affected by CVE-2026-31431? +

CVE-2026-31431 affects products from amazon, arista, canonical, debian, linux, nixos, opensuse, redhat, siemens, suse, vmware, specifically: amazon_linux, basesystem_module, caas_platform, cloudvision_agni, cloudvision_portal, debian_linux, development_tools_module, enterprise_linux, enterprise_storage, leap, legacy_module, linux_enterprise_desktop, linux_enterprise_high_availability_extension, linux_enterprise_high_performance_computing, linux_enterprise_live_patching, linux_enterprise_micro, linux_enterprise_real_time, linux_enterprise_server, linux_enterprise_workstation_extension, linux_kernel, linux_micro, manager_proxy, manager_retail_branch_server, manager_server, netvisor_os, nixos, openshift_container_platform, openstack_cloud, openstack_cloud_crowbar, public_cloud_module, realtime_module, simatic_s7-1500_cpu_1518-4_pn\/dp_mfp, simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware, simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp, simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware, simatic_s7-1500_tm_mfp, simatic_s7-1500_tm_mfp_firmware, siplus_s7-1500_cpu_1518-4_pn\/dp_mfp, siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware, ubuntu_linux, velocloud_edge, velocloud_gateway, velocloud_orchestrator. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-31431? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the …

CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable …

CVE-2025-67895 9.8

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if …

CVE-2025-41645 8.6

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that …

CVE-2025-34158 8.5

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides …

CVE-2025-62775 8.0

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.

Quick Facts

CVSS Score: 7.8
Severity: HIGH
EPSS: 0.0257
Published: Apr 22, 2026
KEV: Active Exploit

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2026-31431.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →