Security News

Cybersecurity news aggregator

CRITICAL Vulnerabilities Fortinet PSIRT

Linux Kernel Vulnerability copy.fail - CVE-2026-31431

The Linux kernel vulnerability CVE-2026-31431 (CVSS 7.8 HIGH) is an authenticated escalation of privilege flaw in the `algif_aead` crypto subsystem, caused by an unnecessary and complex in-place operation. Affected kernel versions range from 4.14 to below 5.10.254, 5.11 to below 5.15.204, 5.16 to below 6.1.170, 6.2 to below 6.6.137, and 6.7 to below 6.12.85. The fix, which reverts to an out-of-place operation, is applied in kernel versions 5.10.254, 5.15.204, 6.1.170, 6.6.137, 6.12.85, 6.18.22, 6.19.12, 25.11, 7.1.0, and 1.1.

Summary

CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Fortinet PSIRT is currently investigating the impact of this CVE over Fortinet products.

Products Under Investigation: FortiEDR, FortiDevSec, FortiNAC, FortiNAC-F, FortiSOAR, FortiClient EMS, FortiClient Cloud

Products confirmed NOT Impacted: FortiCamera, FortiCentral, FortiSIEM, FortiClientWindows, FortiClient Mac, FortiClient Linux, FortiClient Android, FortiToken iOS, FortiToken Windows, FortiRecorder, FortiOS, FortiAIOps, FortiAP, FortiAP-U, FortiAP-W2, FortiAuthenticator, FortiStack - Fortinet Integrated Openstack, FortiSASE, FortiSASE - Sovereign, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy, FortiADC, FortiADC-Manager, FortiCNP, FortiDAST, FortiData, FortiDDoS, FortiDDoS-F, FortiDeceptor, FortiDeceptor Token, FortiEdge Cloud, FortiEDR Android, FortiEDR iOS, FortiMail, FortiSwitch Manager, FortiPhish, FortiFone, FortiIsolator, FortiMonitor, FortiPAM, FortiPresence, FortiPortal, FortiAppSec Cloud, FortiAnalyzer-BigData, FortiConverter, FortiVoice Cloud, FortiSandbox, FortiSIEM, FortiToken Android, FortiNDR, FortiExtender

Timeline

2026-05-13: Initial publication

References

https://nvd.nist.gov/vuln/detail/CVE-2026-31431

IR Number: FG-IR-26-139
Published Date: May 13, 2026
Component: CLI
Severity: High
Discovered: Third-Party Library
Attack Type: Authenticated
Known Exploited: No
CVSSv3 Score: 7.8
Impact: Escalation of privilege
CVE ID: CVE-2026-31431
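For triaging a Linux fleet against the affected upstream ranges listed in the summary above, the following is an added example (not part of the Fortinet advisory or the kernel project). The hostnames, sample release strings and status labels are constructed for illustration, and the build-suffix rule is a heuristic assumption for spotting distribution kernels.

```python
import platform
import re

# (first affected, first fixed) upstream ranges, copied from the summary above.
AFFECTED_RANGES = [
    ((4, 14, 0), (5, 10, 254)),
    ((5, 11, 0), (5, 15, 204)),
    ((5, 16, 0), (6, 1, 170)),
    ((6, 2, 0), (6, 6, 137)),
    ((6, 7, 0), (6, 12, 85)),
]

def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), suffix)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = tuple(int(g or 0) for g in m.groups())
    return version, release.strip()[m.end():]

def classify(release):
    """Classify one release string against the listed ranges.

    'in-affected-range'      plain upstream version inside a listed range
    'check-vendor-advisory'  inside a range but carries a build suffix; distribution
                             kernels backport fixes without changing the base version
    'outside-listed-ranges'  not in any range the page lists (not a clean bill of health)
    """
    version, suffix = parse_release(release)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "check-vendor-advisory" if suffix else "in-affected-range"
    return "outside-listed-ranges"

def triage(inventory):
    """Map {host: release} to {status: [hosts]} for a patch-planning worklist."""
    worklist = {}
    for host, release in sorted(inventory.items()):
        worklist.setdefault(classify(release), []).append(host)
    return worklist

# Constructed sample inventory (hostnames and releases are made up for illustration).
SAMPLE = {"build01": "6.6.130", "web02": "5.15.0-91-generic",
          "db03": "6.6.137", "edge04": "4.18.0-513.el8.x86_64", "lab05": "4.9.337"}

if __name__ == "__main__":
    print("local:", platform.release(), "->", classify(platform.release()))
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as check-vendor-advisory need the distribution's own security tracker to confirm whether the fix has been backported into that build.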
