A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.
Researchers have disclosed CopyFail, a dangerous exploit affecting virtually all Linux releases, including those since 2017. Dubbed CVE-2026-31431, it enables hackers to seize root control on PCs and servers. Patches are available, but many machines remain exposed as defenders rush to apply them, according to details first reported by WIRED on May 1, 2026. An hour of scanning suffices for exploitation, TechRadar noted the same day, urging immediate patching to avert severe compromises. Canonical's status page stated: “Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.” Servers like security.ubuntu.com, archive.ubuntu.com, and ubuntu.com have been inaccessible since Thursday morning, May 1. A pro-Iranian group claimed responsibility on Telegram for the DDoS using the Beam stressor service, which has also targeted eBay recently. The outage followed the exploit code's release, limiting Ubuntu's ability to issue guidance. Updates remain accessible via mirror sites, though officials have stayed silent beyond the status update. Stressor services, fronts for paid DDoS attacks, persist despite law enforcement efforts.
