CISA is warning that attackers are actively exploiting a nearly decade-old Linux kernel vulnerability dubbed Copy Fail that allows authenticated users to escalate privileges to root shell access. The vulnerability, tracked as CVE-2026-31431, has been added to CISA's Known Exploited Vulnerabilities catalog, with federal agencies given two weeks to patch. Microsoft reports limited exploitation so far but warns the flaw is particularly dangerous in cloud and Kubernetes environments because a public proof-of-concept exists and any local unprivileged user can reliably exploit it to gain full system control.