On May 4, 2026, security researchers at Theori dropped a 732-byte Python script that can give any user with local access full root privileges on virtually every Linux machine built since 2017. The exploit, assigned CVE-2026-31431 and nicknamed “copy fail,” targets a logic flaw in the Linux kernel’s AF_ALG interface. The bug has been silently present in the kernel since a set of commits made in 2015 and 2017, and it affects every major distribution — Ubuntu, Debian, Arch, Red Hat, Amazon Linux, and all derivatives.

CrowdStrike has confirmed the exploit is being used in the wild, and CISA added it to its Known Exploited Vulnerabilities (KEV) catalog. If you run a Linux server or desktop, you need to patch immediately.

This is not a remote exploit. An attacker must already have a foothold — a regular user account gained through SSH, a compromised web app, or a malicious insider. But once they have a shell, the 732-byte script reliably escalates to root.

How the bug works

The vulnerability lives in the Linux kernel’s AF_ALG socket interface, which exposes kernel crypto algorithms to user space. Inside that interface, the kernel implements something called “authenticated encryption with extended sequence numbers” (AES-256-XTS with an extended IV, in practice). The relevant data structure includes a scratch buffer used during encryption operations.

Normally, this scratch buffer writes four bytes of temporary data into a crypto output buffer — a memory region allocated for the result of an encryption operation. But the AF_ALG “splice” function has a bug: it can direct that output buffer to point into the page cache of a file that the calling process has open for reading only. The scratch data, which is only partially controlled by the user, overwrites four bytes at that file’s location in the page cache.

The exploit targets /usr/bin/su (or any setuid-root binary present on the system). By corrupting four bytes in the executable’s code, the attacker can trick the kernel into giving them a root shell. The script is only 732 bytes because modern Linux kernels map setuid binaries with read-only pages; the AF_ALG splice bug bypasses that protection by writing into the page cache behind the kernel’s back.

The flaw was introduced in a series of commits between 2015 and 2017, meaning any Linux kernel built since then is vulnerable. The Linux kernel team has confirmed the root cause and released a patch, which distributions are now backporting.

Why it matters

This is not a theoretical risk. The proof-of-concept code is public, and the exploit’s reliability — 100%, according to Theori — means that any moderately skilled attacker with access to a vulnerable system can become root. For server administrators, the threat is immediate: a web application vulnerability that lets an attacker execute arbitrary commands as a low-privilege user becomes a full system compromise.

The bug affects all Linux distributions because the vulnerable code lives in the common kernel, not in distribution-specific patches. Desktop Linux users are not immune, but the attack surface is smaller — an attacker would need local access or a way to trick you into running code.

Sysadmins should treat this as a high-priority patching event. The good news is that patching is straightforward: update to the latest kernel for your distribution. Ubuntu, Red Hat, Debian, and Arch have all released updates. Check your vendor’s security advisory for CVE-2026-31431.

How an AI agent found it in one hour

The most striking aspect of CVE-2026-31431 is how it was discovered. Theori, a Japanese security firm, deployed an AI agent built on a large language model trained on kernel source code and vulnerability patterns. They gave the agent a single prompt: “Splice can deliver page cache references of read-only files to crypto TX scatter lists – go look.”

The AI scanned the kernel source for roughly one hour of compute time, identified the buggy splice function, correlated it with the AF_ALG crypto interface, and produced a working exploit. Theori then set up a dedicated website for the vulnerability and released the Python script publicly.

This marks a shift in vulnerability research. Gray-market pricing for a universal Linux privilege escalation typically ranges from $10,000 to $7 million, depending on exclusivity and reliability. An AI agent found this vulnerability essentially for free and gave it away. Theori’s demonstration shows that AI-assisted hacking is no longer a lab curiosity — it is now a practical tool that can find real-world, high-impact bugs in production code.

The companies call their AI “an automated vulnerability researcher.” It works by combining static analysis with fuzzing and symbolic execution, all orchestrated by a language model that can interpret bug patterns. The prompt they used was deliberately vague; the AI understood the concept of page cache references being inadvertently passed to crypto operations and pursued the line of inquiry autonomously.

For defenders, this is a wake-up call. If a single AI agent can pluck a seven-year-old kernel bug in an hour, the old model of “security through obscurity” or reliance on human expertise is no longer sufficient. Code review and testing need to scale with automated reasoning tools that are at least as powerful as those used by attackers.

What to do now

Patching is the only effective mitigation. Since the exploit requires local access, you can also limit exposure by hardening SSH configurations, monitoring for unusual usage of AF_ALG sockets, and restricting access to sensitive binaries. But those are stopgaps. The kernel patch is clean and should be applied without delay.

For Linux desktop users: the risk is low unless you allow untrusted code to run on your machine. But if you share a system with others or run containers that are not fully isolated, update now.

For server administrators: this is as urgent as it gets. Many cloud providers and CDNs run Linux. If you manage infrastructure, treat this like the Heartbleed or Shellshock incidents.

The exploit’s name, “copy fail,” refers to the four bytes of scratch data that get copied into the wrong place. But the real lesson is broader: AI-powered vulnerability discovery is here, and it is rewriting the economics of security research. The only way to stay ahead is to adopt similar tools for defense.

Update your systems. Verify the patch. And start taking AI security agents seriously — because the attackers already are.