The Bug That Gave Root to Everyone. 9 Years. Every Linux Distro.
CopyFail hid in the Linux kernel for 9 years. A 732-byte script gives root on every major distro. And this is not the first time.
732 bytes of Python code. Shorter than 3 tweets.
A security researcher found a bug that had been hiding in the Linux kernel for 9 years. A small 732-byte script grants any regular user full administrative control over the machine. Red Hat, Ubuntu, SUSE, Debian, Amazon Linux, Fedora, Arch. All carried it. If the machine runs containers, the same bug lets an attacker break out of the container and take over the host, then every other container sharing that host. Microsoft flagged the impact on millions of Kubernetes clusters.
Theori researcher Taeyang Lee reported the bug on March 23, 2026. The project calls it CopyFail. CVE-2026-31431. Severity rating: 7.8 out of 10.
The open source ecosystem has been here before. Heartbleed hid for two years. Shellshock for twenty-five. Dirty COW for nine. Each time, the industry promised reform. Funded new organizations. Published postmortems. Then another old bug surfaced in another critical subsystem.
CopyFail is the latest. It will not be the last.