Theori disclosed Copy Fail (CVE-2026-31431, CVSS 7.8 HIGH) on April 29, 2026 — a local privilege escalation in the Linux kernel's AEAD crypto subsystem (algif_aead) that allows any authenticated local user to write 4 bytes into the page cache of any readable file and obtain root deterministically, with no timing races. A 732-byte Python proof-of-concept roots Ubuntu, Amazon Linux, RHEL, and SUSE; every kernel carrying the 2017 in-place optimization (commit 72548b093ee3) is affected. The flaw was surfaced by Xint Code, Theori's AI-assisted scanner, in roughly one hour of automated analysis of the kernel's crypto/ subsystem. CISA added CVE-2026-31431 to the Known Exploited Vulnerabilities catalog with a required patch action date of May 15, 2026.