CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
Summary
CISA has added CVE-2026-31431, a Linux root access vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This indicates that the flaw is being actively exploited in the wild, posing a significant risk to affected Linux systems.
IFF Assessment
The addition of this vulnerability to CISA's KEV catalog signifies active exploitation, presenting a direct threat to defenders.
Severity
The CVSS score of 7.8 indicates high severity, reflecting the potential for local privilege escalation that allows an attacker to gain root access on an affected Linux system.
CISA KEV: Listed as actively exploited. Federal patch due: May 15, 2026. Known ransomware use: Unknown.
Defender Context
This article is highly relevant to defenders because it highlights a high-severity vulnerability that is being actively exploited. Organizations using affected Linux distributions must prioritize patching CVE-2026-31431 or implementing mitigations for it to prevent unauthorized root access.