A Linux kernel vulnerability has been disclosed that affects a wide range of distributions currently in active use. We strongly urge all customers running Linux-based servers to apply the mitigation detailed below as soon as possible.
The vulnerability was identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on May 1st, 2026.
What is CopyFail?
CVE-2026-31431, dubbed CopyFail, is a vulnerability in the Linux kernel’s algif_aead cryptographic module. If exploited, it can potentially be leveraged by a local attacker to cause system instability or escalate privileges. Given the broad range of affected distributions, we consider this a high-priority item that should not be left unpatched.
Which Linux Distros Are Affected
If you are running any of the following operating systems, your server is likely vulnerable:
- Debian 12 / 13
- Ubuntu 22.04 / 24.04 / 26.04
- RHEL, AlmaLinux, Rocky Linux
- SUSE / openSUSE
- Arch Linux, Gentoo, Amazon Linux, Oracle Linux
How To Apply the Mitigation
The fix disables the vulnerable algif_aead kernel module — preventing it from loading at boot and unloading it immediately if currently active. Run the following commands as root:
root@localhost:~$ echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
root@localhost:~$ rmmod algif_aead 2>/dev/null || trueThis is a safe, non-destructive change and does not require a reboot to take effect.
If you need assistance applying this fix or are unsure whether your server is affected, please open a support ticket and our team will be happy to help.
![[Updated] Critical cPanel Authentication Vulnerability (28th April 2026) – Immediate Server Update Required](/_gatsby/image/9362bad24aca87aaa90e289c118b76b0/67251f60721abd86cb9f9501c2c68de8/netshopisp-cpanel-whm-vulnerability-april-2026.avif?u=https%3A%2F%2Fnsblg42.netshop-isp.com.cy%2Fwp-content%2Fuploads%2F2026%2F04%2Fnetshopisp-cpanel-whm-vulnerability-april-2026.png&a=w%3D256%26h%3D256%26fm%3Davif%26q%3D75&cd=7f5f10dc79af53379741259c5c02101d)
