If you run Linux and haven't updated your system today, maybe close this tab and go do that first. We'll wait.
A newly disclosed security vulnerability nicknamed "Copy Fail" (CVE-2026-31431) has been found lurking inside nearly every Linux distribution released since 2017, and it is about as bad as it sounds. Any regular user on an affected system can exploit it to hand themselves full administrator privileges. Root access. The keys to the kingdom. The whole enchilada.

So how bad is it, really?
Pretty bad! What makes this one particularly spicy is the exploit's almost laughable portability. Security firm Theori, which uncovered the flaw, published a Python script that works across all vulnerable distributions with, in their own words, "no per-distro offsets, no version checks, no recompilation." You essentially copy and paste one script and walk out as admin. Hence the name, we suppose.
To put that in plain English: this is not one of those complicated, highly targeted exploits that requires a PhD and three energy drinks to pull off. It is disturbingly accessible.

AI helped find the needle in a very large haystack
Here's where things get genuinely interesting, and a little existentially weird. Theori used AI-assisted scanning to help uncover the vulnerability, according to reporting by The Verge. That's a double-edged sword if we've ever seen one - the same class of tools that could theoretically help bad actors find flaws faster is also, apparently, what helped the good guys catch this one first.
The bug has been sitting quietly inside Linux systems for the better part of a decade. Eight years of updates, patches, security audits, and nobody caught it until now. That's the kind of fact that makes sysadmins age five years in real time.

What should you actually do?
The vulnerability has been publicly disclosed, which means the clock is ticking before someone less scrupulous starts running that Python script at scale. Patch your system. Check with your distro's security advisories. If you manage servers, this is a drop-everything moment rather than an "I'll get to it Friday" situation.
The silver lining - if you can call it that - is that this is a local privilege escalation exploit. An attacker needs to already have some level of access to your system to use it. It's not a remote code execution nightmare. But "you have to already be on the machine" is cold comfort if your machine has multiple users, is a shared server, or has been compromised by something else first.
Eight years, people. Eight years this thing was hiding in plain sight.





