Hey there,
I would like to draw your attention to a massive kernel-level security vulnerability currently known as "Copy Fail - CVE-2026-31431." This vulnerability affects all known Linux distributions with patch levels dating from 2017 to the present. Ubuntu 24.04 is also currently affected, and no patch is available at this time.
By exploiting a memory handling error, a user with shell access can gain root privileges.
Risk Assessment for Cloudron:
The risk for Cloudron is likely low, provided it is running in its standard configuration, as there should (ideally) be no additional users. Since local shell access is required and containers run in isolation, the threat level remains largely mitigated.
Nevertheless, the sheer scale of this vulnerability is concerning, especially as other servers you may be operating could be at risk.
Just a quick heads-up from my side.
Best
Matthias
