Guardsix Security Advisory: Response to Copy Fail and Dirty Frag Vulnerability
Guardsix is aware of the Copy Fail Vulnerability (CVE-2026-31431) and Dirty Frag (CVE-2026-43284, CVE-2026-43500), a high-severity Linux kernel local privilege escalation vulnerability affecting Ubuntu-based systems.
This advisory explains the impact on Guardsix products, the response actions taken by Guardsix, and any steps customers need to perform.
Vulnerability Details
| Field | Details |
|---|---|
Vulnerability Name |
Copy Fail Vulnerability, Dirty Frag Vulnerability |
CVE ID |
CVE-2026-31431 CVE-2026-43284 CVE-2026-43500 |
CVSS Score |
7.8 (High) |
Product Impact and Remediation
| Product | Impact Status | Affected Versions | Fixed/ Mitigated Versions | Status |
|---|---|---|---|---|
| SIEM | Affected | v7.9.0 and earlier |
v7.9.1 | Released |
| NDR | Affected | NDR Sensor v2.30.4 and earlier; NDR Central deployments that have not yet received the mitigation update | NDR Sensor v2.31 and later; NDR Central after the mitigation update | Released |
| Fleet | Affected | 2.10.1 and earlier | v2.10.2 | Released |
| SOAR | Not Affected | None | Not Applicable | Not Applicable |
| AAHC | Affected | v1.12.0 and earlier | v1.12.1 | Released |
Customers are advised to apply the patches as soon as possible to address the vulnerability.
For NDR Central customers, the required action depends on the Central deployment type:
-
On-prem Central deployments:
Customers should contact Guardsix Support to schedule the mitigation update for their on-prem Central. After the Central is updated, the mitigation will be applied to the sensors connected to that Central. -
Cloud Central deployments:
No customer action is required. The mitigation has already been applied automatically.
Support
If you have any questions, please contact Guardsix Support.
Comments
Article is closed for comments.