https://clement.n8r.ch/en/tags/security/ Recent content in Security on n8r | Clément Hugo -- 0.147.7 en-US Fri, 01 May 2026 10:00:00 +0200 https://clement.n8r.ch/en/articles/copyfail-cve-2026-31431-kubernetes-escape/ Fri, 01 May 2026 10:00:00 +0200 https://clement.n8r.ch/en/articles/copyfail-cve-2026-31431-kubernetes-escape/ <blockquote> <p><strong>Work in progress.</strong> This article is incomplete. Some exploit details are intentionally omitted. I&rsquo;ll complete it on May 4th</p></blockquote> <h2 id="context">Context</h2> <p>I work at <a href="https://www.postfinance.ch">PostFinance</a>, where we run a Kubernetes platform supporting banking workloads. Our production clusters run Debian 12 with kernel 6.1.158+, which happens to be <strong>not vulnerable</strong> to CVE-2026-31431 (more on that at the end).</p> <p>A disclaimer: I&rsquo;m not a security researcher. I&rsquo;m a Kubernetes and Linux systems engineer. I dived into the Copy Fail CVE for about 18 hours straight to learn new stuff and understand how bad it really was. There might be a flaw in my exploit chain, but I&rsquo;m fairly confident it works.</p>