CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalog on Friday, confirming active exploitation of a Linux privilege escalation flaw affecting multiple distributions. The vulnerability carries a CVSS score of 7.8 and enables local privilege escalation, allowing attackers with basic system access to gain root-level control.
The flaw impacts widely deployed Linux systems across enterprises and infrastructure networks. Defenders should prioritize patching affected distributions immediately, as confirmed exploitation in the wild indicates threat actors actively weaponize this vector. Organizations should inventory vulnerable systems, apply vendor patches without delay, and monitor logs for signs of local privilege escalation attempts targeting this specific CVE.
The addition to CISA's KEV catalog signals that this vulnerability meets the agency's criteria for real-world exploitation and poses immediate risk to federal systems and critical infrastructure. Defenders operating Linux environments should treat this as high priority and assume adversaries possess working exploits.