Home / Security updates / CVE-2026-31431 ("Copy Fail")
CVE-2026-31431 ("Copy Fail")
Security updates detail rendered from /security-updates/upd_ef6a5492c554b880.
Overview
| ID | upd_ef6a5492c554b880 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Daytona |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_ef6a5492c554b880 |
| providerId | safebase |
| organizationId | org_1822268e5fe0e7aa |
| trustCenterId | tc_44ad2013ad21f1e5 |
| title | CVE-2026-31431 ("Copy Fail") |
| message | **Title:** CVE-2026-31431 ("Copy Fail") — Linux kernel page cache write primitive, fully remediated **Category:** Security Advisory **Severity:** High **Status:** Resolved **Notify subscribers:** Yes --- On April 29, 2026, a Linux kernel vulnerability (CVE-2026-31431, "Copy Fail") was publicly disclosed in the `authencesn` AEAD cryptographic template, reachable from userspace via the `AF_ALG` socket interface (`algif_aead`). The flaw allows an unprivileged process to perform a deterministic, controlled write into the kernel page cache without modifying anything on disk. On multi-tenant hosts, this creates a theoretical path for one sandbox to corrupt cached file content visible to co-tenant sandboxes. All Daytona infrastructure was fully remediated within 12 hours of disclosure. We have no evidence of exploitation, and the Sysbox runtime isolation boundary was not breached. ### Am I affected? **No** action is required. Daytona infrastructure is fully remediated across all regions. |
| url | - |
| publishedAt | 2026-04-30 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_1822268e5fe0e7aa",
"name": "Daytona",
"domains": [
"trust.daytona.io",
"daytona.io"
]
} |
| trust_center | {
"id": "tc_44ad2013ad21f1e5",
"name": "Daytona",
"url": "https://trust.daytona.io",
"host": "trust.daytona.io"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_ef6a5492c554b880",
"company": "/v1/companies/org_1822268e5fe0e7aa",
"trust_center": "/v1/trust-centers/tc_44ad2013ad21f1e5",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_ef6a5492c554b880JSON