Active Exploitation of Linux Kernel CVE‑2026‑31431 Added to CISA KEV Catalog
What It Is — CVE‑2026‑31431 is a Linux kernel vulnerability that allows an attacker to incorrectly transfer resources between privilege “spheres,” potentially leading to privilege escalation or denial‑of‑service conditions.
Exploitability — CISA has confirmed active exploitation in the wild and has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. A public PoC exists, and the CVSS v3.1 base score is estimated at 8.8 (High).
Affected Products — All Linux distributions shipping the vulnerable kernel version (affected kernels 5.10‑5.19 and earlier) across on‑premise servers, cloud VMs, containers, and embedded devices.
TPRM Impact — The vulnerability can be leveraged against third‑party service providers that run Linux‑based workloads, creating a supply‑chain risk for downstream customers. Compromise of a vendor’s infrastructure could cascade to multiple client environments.
Recommended Actions —
- Prioritize patching of the Linux kernel to the latest vendor‑released version.
- Verify that all third‑party providers have applied the patch or are scheduled to do so before the BOD 22‑01 remediation deadline.
- Conduct a rapid inventory of Linux assets across your ecosystem and apply temporary mitigations (e.g., SELinux/AppArmor policies, network segmentation) if patches cannot be applied immediately.
- Update vulnerability‑management tools to flag CVE‑2026‑31431 as a high‑priority KEV item.
Source: CISA Advisory – May 1 2026