VYPR
AI Brief · 2026-05-13 · generated May 17, 2026

Linux CopyFail Flaw Added To CISA KEV

CISA has added the actively exploited CopyFail Linux kernel privilege escalation flaw to its Known Exploited Vulnerabilities catalog.

The Linux kernel remains the primary focus for security teams today following the widespread exploitation of the CopyFail vulnerability, tracked as CVE-2026-31431. This local privilege escalation flaw, which allows unprivileged users to gain root access, has been added to the CISA Known Exploited Vulnerabilities catalog. As The Register reported, the vulnerability stems from a flaw in cryptographic code that has been actively leveraged by attackers. Organizations should prioritize patching across all Linux distributions, as the exploit is considered highly reliable and dangerous.

A series of critical vulnerabilities in the Linux kernel has also been disclosed, requiring immediate attention to prevent potential system crashes and unauthorized access. These include CVE-2026-43465, which involves improper frag counting in the mlx5e driver, and CVE-2026-43414, which addresses a double-free condition in the qla2xxx SCSI driver. Additionally, CVE-2026-43402 fixes a use-after-free in kthread exit paths, CVE-2026-43384 corrects a non-constant time MAC comparison in TCP-AO, and CVE-2026-43379 resolves a use-after-free in the ksmbd module. These updates are essential for maintaining kernel stability and security against local attackers.

Multiple critical remote code execution and injection vulnerabilities have been identified in various web-based platforms and plugins. OpenDCIM is affected by OS command injection via CVE-2026-28517, while LibreNMS suffers from similar command injection flaws in multiple controllers under CVE-2024-51092. Emlog is vulnerable to SQL injection through CVE-2026-42287, and Pachno's dash-uploader contains a directory traversal flaw leading to RCE via CVE-2026-38360. Administrators should audit their web environments for these platforms and apply available patches immediately to mitigate the risk of full system compromise.

A cluster of legacy and critical vulnerabilities continues to impact WordPress and other e-commerce platforms, often involving unauthenticated file uploads or privilege escalation. This includes CVE-2021-47940 and CVE-2021-47933, which allow arbitrary file uploads in the Download From Files and MStore API plugins, respectively. Furthermore, CVE-2021-47932 allows unauthenticated privilege escalation in TheCartPress, while CVE-2021-47936 exposes OpenCATS to remote code execution. As Wordfence noted, these flaws highlight the persistent risk posed by outdated or poorly secured plugins in content management systems.

Several other high-risk vulnerabilities demand attention, including the long-standing buffer overflow in the GNU C Library (CVE-2023-4911) and the SOCKS5 proxy handshake overflow in curl (CVE-2023-38545). Additionally, Hijackedamygdala's HireFlow is susceptible to unauthenticated SQL injection via CVE-2026-38567, and OpenCart contains a session fixation vulnerability tracked as CVE-2021-47923. Finally, Termix Ssh is vulnerable to critical command injection via CVE-2026-42454. Security teams should prioritize these based on their specific exposure and the availability of patches for their respective environments.

Synthesized by Vypr AI