TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

The Hacker News

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

[email protected] (The Hacker News) · 3 days ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1068Exploitation for Privilege Escalation
98%
“cisa adds actively exploited linux root access bug cve - 2026 - 31431 to kev the u. s. cybersecurity and infrastructure security agency ( cisa ) on friday added a recently disclosed security flaw impacting various linux distributions to its known exploited vulnerabilities ( kev )…”
T1068Exploitation for Privilege Escalation
91%
“in the linux kernel ' s authentication cryptographic template that allows an attacker to reliably trigger privilege escalation trivially by means of a 732 - byte python - based exploit. it was introduced through three separate, individually harmless changes to the linux kernel ma…”
T1068Exploitation for Privilege Escalation
88%
“vulnerability is being exploited in the wild. however, the microsoft defender security research team said it ' s " seeing preliminary testing activity that might result most likely in increased threat actor exploitation over the next few days. " " the attack vector is local ( av …”
T1611Escape to Host
74%
“significant impact. kaspersky, in its analysis of the flaw, said copy fail poses a serious risk to containerized environments, as docker, lxc, and kubernetes " grant processes inside a container access to the af _ alg subsystem if the algif _ aead module is loaded into the host k…”

Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an