Recommendation from the Government Plenipotentiary for Cybersecurity – Update of Linux operating systems released after 2017
21 May 2026
The Plenipotentiary recommended that entities of the national cybersecurity system immediately update GNU/Linux operating systems released after 2017 to the most current version or to a version in which the critical vulnerability CVE-2026-31431 (Copy Fail) has been fixed.
Both vulnerabilities allow for privilege escalation from a regular user to an administrator account. Exploit code for the vulnerabilities is publicly available, and using it does not require advanced technical skills. This means that the risk of practical exploitation is high. Environments where untrusted users have access to the system or where user-supplied code is executed are particularly at risk.
The full text of the recommendation is attached.