First published 8 May 2026
CVSS:3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An important security vulnerability has been found in the Linux Kernel used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
A local privilege escalation has been discovered in the Linux Kernel. A non-privileged user with command execution can gain root via writing to the system’s page cache. This is tracked as CVE-2026-31431 and rated as high.
The researchers who found the issue have published a PoC exploit for it. CISA reports that attacks are going on in the wild and lists the vulnerability in its Known Exploited Vulnerabilities Catalog (KEV).
Update Instructions
-
OS 12: Upgrade the Base System app to version 12.8.2 LTS or 12.9.0 as soon as they are available.
-
OS 11: Upgrade to IGEL OS 11.11.150 as soon as it is available.
References
-
CVE-2026-31431 https://www.cve.org/CVERecord?id=CVE-2026-31431
-
Theori, Inc.: https://copy.fail
-
CISA Known Exploited Vulnerabilities Catalog (KEV): https://www.cisa.gov/known-exploited-vulnerabilities-catalog