On 29 April 2026 a high-severity vulnerability in the Linux kernel, known as Copy Fail (CVE-2026-31431, CVSS 7.8), was publicly disclosed. The flaw lives in the algif_aead cryptographic module and lets any unprivileged local user escalate privileges to root. The exploit is small, reliable, and works on every mainstream Linux distribution shipped since 2017, including Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE, Fedora and Arch.
What we have done
Over the past few days we have patched the entire MMITech infrastructure. All hypervisors, internal servers and platform components are now running fixed kernels.
Customers who have a management agreement with us for their Linux VPS or dedicated server have already been upgraded by our engineers. No action is required on your part. Given the severity of this vulnerability, we proceeded with the kernel update and reboot without prior individual notice.
What you need to do
If you run a Linux server with us without a management agreement (unmanaged VPS or dedicated server), please update the kernel and reboot as soon as possible. This applies to every Linux distribution, no exceptions.
Typical update commands:
- Debian / Ubuntu:
apt update && apt full-upgrade && reboot - RHEL / AlmaLinux / Rocky / Fedora:
dnf upgrade --refresh && reboot
Need help?
If you are not comfortable performing the upgrade yourself, please open a support ticket and our team will assist you.
