'Copy fail' bug grants root across Linux distributions since 2017

Technology May 01, 2026

Heads up, Linux users: a major security bug called "Copy Fail" has been lurking in nearly every Linux distribution released since 2017.
It lets attackers grab admin rights with just a simple Python script: the scary part is, it dodges popular security tools like AIDE and OSSEC, so some monitoring tools may not detect it.

Kernel fix landed but some unpatched

This flaw was identified by Theori's researchers with assistance from their Xint Code AI tool. Researcher Taeyang Lee found it within an hour of scanning.
A fix landed in the main Linux kernel on April 1, 2026, but because details got out before everyone could patch up, some systems are still at risk.
Major Linux distributions like Arch, Fedora, and Amazon Linux have rolled out updates, but others are still catching up.