Cloudflare threat report

Cloudflare published a response detailing how it assessed and mitigated the 'Copy Fail' Linux kernel local privilege escalation vulnerability (CVE-2026-31431), publicly disclosed on April 29, 2026. Cloudflare's Security and Engineering teams reviewed the exploit technique, evaluated exposure across its infrastructure, and validated that existing behavioral detections could identify the exploit pattern. The post describes mitigations applied to protect Cloudflare's fleet from local privilege escalation via the kernel flaw. No active exploitation against Cloudflare was reported, and the issue is a kernel-level LPE rather than a remote-facing service vulnerability. Other items in the source set concern unrelated vendors (Ivanti EPMM, Palo Alto PAN-OS) and are not relevant to Cloudflare.

• How Cloudflare responded to the “Copy Fail” Linux vulnerability