CRITICALVulnerability
Global

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

·Source: The Hacker News

Updated:

Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an

Analysis

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an

Indicators of Compromise (1)

CVE (1)
CVE-2026-31431
NVDMITRE CVE
Source Attribution

Originally published by The Hacker News on May 3, 2026.

Related Threats

CRITICALVulnerability

Become a millionaire by bug hunting on Android

Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased , bringing the maximum reward to $1.5 million. However, reports indicate that you must find a critical vulnerability in the Pixel Titan M2 securit

CSO Online
CRITICALVulnerability

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings come in advisories from vm2 maintainer Patrik Simek

CVE-2026-26956CVE-2026-44007
CSO Online
MEDIUMVulnerability

Kraken owner to pay $600m for stablecoin infrastructure firm Reap

The parent company of crypto exchange Kraken has agreed its second major acquisition in a matter of weeks, striking a $600 million deal to acquire stablecoin-native, card issuing and payments infrastructure platform Reap Technologies.

Finextra