Important Security Notice: Linux Kernel Vulnerabilities
-
Tuesday, 5th May, 2026
-
12:32pm
We would like to inform you about recently disclosed security vulnerabilities affecting Linux systems, including:
CVE-2026-31431 – Linux kernel privilege escalation vulnerability affecting the cryptographic subsystem (algif_aead)
CVE-2026-41940 – A separate vulnerability affecting Linux kernel components (see vendor advisories for details)
These issues may allow unauthorized privilege escalation on affected systems if left unpatched.
As our servers are unmanaged, customers are responsible for maintaining their operating system and software updates.
We strongly recommend the following actions:
Update your system to the latest available kernel and security patches
Ensure all installed packages are up to date
If you are running an older or unsupported operating system, consider reinstalling with a current, fully supported OS version
Vendor advisories:
AlmaLinux: https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/
Debian: https://security-tracker.debian.org/tracker/CVE-2026-31431
Ubuntu: https://ubuntu.com/security/CVE-2026-31431
Rocky Linux: https://kb.ciq.com/article/rocky-linux/rl-cve-2026-31431-mitigation
cPanel: https://support.cpanel.net/hc/en-us/articles/40184022594071-CVE-2026-31431-copy-fail-reported-for-linux-kernels
Plesk: https://support.plesk.com/hc/en-us/articles/40124635047319-Vulnerability-CVE-2026-31431
Additional information for CVE-2026-41940 is available via your operating system vendor security advisories.
If you are using live patching solutions such as KernelCare, you may already be protected depending on your configuration.
