Date: May 8, 2026
Action Required for Self-Hosted Customers
We are issuing this advisory regarding the recently identified “Copy Fail” (CVE-2026-31431) vulnerability. This is a critical Local Privilege Escalation (LPE) flaw in the Linux kernel that allows unprivileged users to gain root access.
[!! IMPORTANT !!]
SaaS Environments: All SaaS environments managed by the Cumulocity Operations team have been updated and are not impacted by the issue.
Self-Hosted Environments: Customers must update their operating system to ensure protection.
Action Required: Rocky Linux Updates
Patched kernels are now available for Rocky Linux. To ensure the integrity of your environment, all self-hosted customers must perform the following:
- Update Kernel Packages: Install the latest kernel updates from the Rocky Linux repositories.
- Update All Nodes: It is critical that all worker nodes are updated to prevent system-wide exposure.
- Perform System Reboot: A reboot is required for the kernel patches to take effect.
Failure to update the nodes can lead the underlying infrastructure susceptible to this vulnerability and can lead to full system compromise.