CVE-2026-31431, also known as Dirty Frag or Copy Fail, is a Linux kernel local privilege escalation vulnerability that allows attackers to write to read-only memory regions via page-cache abuse. Active exploitation was observed prior to the public embargo break, with threat actors deploying ELF binaries, Python scripts, and malicious PyPI packages to achieve root access, notably including adoption by the Multiverze trojan family.