Cyber Threat Brief — April 30 2026
1. CopyFail — Linux Kernel LPE via algif_aead Page Cache Corruption — CVE-2026-31431
TL;DR: A 9-year-old logic bug in the Linux kernel’s algif_aead crypto module lets any local user write 4 controlled bytes into the page cache of any readable file, escalating to root with a deterministic 732-byte Python exploit. No race condition — works on every major distro since 2017.
What’s New:
- Theori disclosed April 29 on oss-security; PoC published same day (rootsecdev, theori-io)
- Exploit corrupts in-memory page cache, not on-disk — bypasses FIM and on-disk integrity checks
- Crosses container boundaries; works on Ubuntu, RHEL, Amazon Linux, SUSE out of the box
- Fix: kernel commit `a664bf3d603d` reverts the 2017 in-place optimization; distro patches rolling out
- Interim mitigation: `modprobe -r algif_aead` and block `AF_ALG` socket creation for untrusted users
Actionable Intel
| Artifact | Type | ATT&CK | Log Source | Action |
|---|---|---|---|---|
| `socket(AF_ALG, SOCK_SEQPACKET, 0)` syscall | Exploit prerequisite | T1068 | auditd / Sysmon for Linux | Alert on AF_ALG socket creation by non-root users |
| `splice()` syscall to algif_aead fd | Exploit trigger | T1068 | auditd syscall rules | Hunt for splice() calls targeting crypto API fds |
| Modified setuid binaries (e.g. /usr/bin/su, /usr/bin/passwd) in page cache | Post-exploitation indicator | T1548.001 | AIDE / OSSEC (cache-aware) | Run in-memory vs on-disk binary comparison |
| Kernel log: algif_aead references during non-crypto workloads | Anomaly | T1068 | /var/log/kern.log / journald | Alert on unexpected algif_aead kernel messages |
| Python process opening AF_ALG socket | Exploit behavior | T1059.006 | Sysmon for Linux Event 3 | Correlate Python + AF_ALG socket creation |
Detection
| Source | Rule | Gap |
|---|---|---|
| Splunk ESCU | None | No rule for AF_ALG socket abuse or page cache corruption; need auditd syscall ingest |
| Elastic | None | No Linux kernel crypto API abuse detection; Elastic Defend kernel-level hooks may log splice anomalies |
| Sigma | None | No community rule yet; draft: logsource: linux/auditd, filter on socket(AF_ALG) + splice() by non-root |
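The Sigma draft above (AF_ALG socket creation plus splice() by a non-root user) can be prototyped directly over auditd SYSCALL records. The following is an added detection example written for this brief, not code from Theori or any vendor. It assumes x86_64 syscall numbers (socket = 41, splice = 275), the kernel constants AF_ALG = 38 and SOCK_SEQPACKET = 5, and that the audit rules shown in the header comment are loaded; the log lines are constructed for the example, not real captures.

```python
import re

# Audit rules assumed to be loaded so that records like the samples below exist
# (example rules written for this brief, not taken from it):
#   -a always,exit -F arch=b64 -S socket -F a0=38 -k af_alg
#   -a always,exit -F arch=b64 -S splice -F auid>=1000 -F auid!=4294967295 -k splice

# x86_64 syscall numbers and socket constants from the kernel headers
SYS_SOCKET = 41
SYS_SPLICE = 275
AF_ALG = 38            # socket() a0; auditd prints syscall args in hex without a 0x prefix
SOCK_SEQPACKET = 5     # socket() a1 low nibble; SOCK_NONBLOCK/SOCK_CLOEXEC live in higher bits

# key=value pairs; values are either double-quoted or a run of non-space characters
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed auditd SYSCALL records for this example (not real captures).
SAMPLE_AUDIT_LOG = [
    'type=SYSCALL msg=audit(1714400000.101:501): arch=c000003e syscall=41 success=yes exit=3 a0=2 a1=1 a2=6 a3=0 items=0 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key="net_sock"',
    'type=SYSCALL msg=audit(1714400000.202:502): arch=c000003e syscall=41 success=yes exit=3 a0=26 a1=5 a2=0 a3=0 items=0 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 comm="python3" exe="/usr/bin/python3" key="af_alg"',
    'type=SYSCALL msg=audit(1714400000.303:503): arch=c000003e syscall=275 success=yes exit=4 a0=5 a1=0 a2=3 a3=0 items=0 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=1000 comm="python3" exe="/usr/bin/python3" key="splice"',
    'type=SYSCALL msg=audit(1714400000.404:504): arch=c000003e syscall=41 success=yes exit=3 a0=26 a1=5 a2=0 a3=0 items=0 ppid=1 pid=77 auid=4294967295 uid=0 gid=0 euid=0 comm="cryptsetup" exe="/usr/sbin/cryptsetup" key="af_alg"',
]


def parse_audit_record(line):
    """Parse one auditd record into a dict of field -> value (surrounding quotes stripped)."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def analyze_audit_lines(lines):
    """Return findings as (severity, pid, uid, comm, reason) tuples.

    Rule 1: socket(AF_ALG, SOCK_SEQPACKET, ...) by a non-root uid -> medium.
    Rule 2: a later splice() by a pid that already opened an AF_ALG socket -> high
            (the socket-then-splice sequence the brief lists as prerequisite and trigger).
    """
    alg_pids = {}          # pid -> (uid, comm) for processes that opened an AF_ALG socket
    findings = []
    for line in lines:
        rec = parse_audit_record(line)
        # Only x86_64 SYSCALL records are handled here (assumption; other arches need their own numbers)
        if rec.get("type") != "SYSCALL" or rec.get("arch") != "c000003e":
            continue
        syscall = int(rec["syscall"])
        pid, uid, comm = rec.get("pid"), int(rec.get("uid", "0")), rec.get("comm", "?")
        if syscall == SYS_SOCKET:
            domain = int(rec.get("a0", "0"), 16)
            sock_type = int(rec.get("a1", "0"), 16) & 0xF
            if domain == AF_ALG and sock_type == SOCK_SEQPACKET:
                alg_pids[pid] = (uid, comm)
                if uid != 0:
                    findings.append(("medium", pid, uid, comm, "non-root AF_ALG socket creation"))
        elif syscall == SYS_SPLICE and pid in alg_pids:
            findings.append(("high", pid, uid, comm, "splice() after AF_ALG socket by same pid"))
    return findings


if __name__ == "__main__":
    for sev, pid, uid, comm, why in analyze_audit_lines(SAMPLE_AUDIT_LOG):
        print(f"[{sev}] pid={pid} uid={uid} comm={comm}: {why}")
```

Root-owned AF_ALG users such as disk-encryption tooling are tracked but not alerted on, so the medium rule only fires for unprivileged callers; the high rule keys on the pid rather than the file descriptor because auditd does not tell you which fd is the crypto socket without a second lookup. Expect the medium rule to be noisy on hosts that legitimately use the kernel crypto API from user space and tune by `exe` accordingly.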
Sources: Theori PoC · The Register · Help Net Security · Bugcrowd · NVD
2. GitHub Enterprise Server RCE via babeld Header Injection — CVE-2026-3854
TL;DR: A command injection in GitHub’s internal babeld proxy lets any authenticated user with push access achieve RCE on GHES backend servers via a single git push with crafted push options. CVSS 8.7. Wiz reports 88% of GHES instances remain unpatched as of April 29.
What’s New:
- Wiz disclosed April 28 after responsible disclosure March 4; GitHub.com patched same day, GHES patch March 10
- Push option values copied verbatim into semicolon-delimited `X-Stat` internal header — semicolons in user input inject arbitrary fields (last-write-wins)
- Injected fields override routing metadata, enabling command execution on backend git services
- 88% of self-hosted GHES instances still running vulnerable versions per Wiz telemetry
- Patched in GHES 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0+
Actionable Intel
| Artifact | Type | ATT&CK | Log Source | Action |
|---|---|---|---|---|
| `git push --push-option="value;injected_field=payload"` | Exploit vector | T1059 | GHES audit log | Hunt for `;` in push option values in /var/log/github-audit.log |
| Anomalous X-Stat header fields in babeld logs | Injection indicator | T1190 | GHES internal proxy logs | Review babeld access logs for unexpected field names |
| Outbound connections from GHES git backend processes | Post-exploitation | T1071 | Network firewall / NDR | Alert on GHES backend → unexpected external connections |
| GHES version < 3.14.25 / 3.15.20 / 3.16.16 / 3.17.13 / 3.18.8 | Vulnerable instance | — | Asset inventory | Patch immediately; 88% exposure rate |
Detection
| Source | Rule | Gap |
|---|---|---|
| Splunk ESCU | None | No GHES-specific rules; need GitHub audit log ingestion via webhook/syslog |
| Elastic | None | No GHES audit log parser or babeld header injection detection |
| Sigma | None | No community rule; draft: logsource: github/audit, detect ; in push_options field |
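Two of the actions above (hunt for `;` in push option values, and flag instances below the patched releases) are simple enough to script. The following is an added example for this brief, not GitHub's or Wiz's code. It assumes the GHES audit log is exported as JSON lines with a `push_options` list on `git.push` events (the field name is taken from the Sigma draft above and is an assumption about the export format), and it encodes the patched release floors exactly as the brief lists them; the sample lines are constructed.

```python
import json
import re

# Minimum patched GHES release per supported minor line, as listed in the brief.
# 3.20.0 and later ship the fix; lines older than 3.14 are not listed and are treated as unpatched.
PATCHED_MIN = {(3, 14): 25, (3, 15): 20, (3, 16): 16, (3, 17): 13, (3, 18): 8, (3, 19): 4}

# Constructed JSON-lines audit export for this example (field layout is an assumption).
SAMPLE_AUDIT = [
    '{"action":"git.push","actor":"dev-alice","repo":"acme/api","push_options":["ci.skip"]}',
    '{"action":"git.push","actor":"dev-mallory","repo":"acme/api","push_options":["value;injected_field=payload"]}',
    '{"action":"repo.create","actor":"dev-bob","repo":"acme/new"}',
    'not json at all',
]


def parse_version(version):
    """Turn 'MAJOR.MINOR.PATCH' into an int tuple; reject anything else loudly."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognized GHES version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_ghes(version):
    """True when the given GHES release predates the fix for this advisory."""
    major, minor, patch = parse_version(version)
    if (major, minor) >= (3, 20):
        return False                      # 3.20.0+ patched per the brief
    floor = PATCHED_MIN.get((major, minor))
    if floor is None:
        return True                       # unlisted older line: assume unpatched
    return patch < floor


def find_injected_push_options(audit_lines):
    """Return git.push events whose push options contain the ';' field separator."""
    findings = []
    for line in audit_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                      # skip non-JSON noise rather than abort the hunt
        if event.get("action") != "git.push":
            continue
        for opt in event.get("push_options", []):
            if ";" in opt:
                findings.append({"actor": event.get("actor"), "repo": event.get("repo"), "option": opt})
    return findings


if __name__ == "__main__":
    for v in ("3.14.24", "3.14.25", "3.19.3", "3.20.0"):
        print(v, "vulnerable" if is_vulnerable_ghes(v) else "patched")
    for hit in find_injected_push_options(SAMPLE_AUDIT):
        print("push option with ';' by", hit["actor"], "on", hit["repo"], "->", hit["option"])
```

Legitimate push options rarely contain a semicolon, so this hunt is low-noise; if your CI tooling does use one, narrow the match to `;` followed by `name=` to keep the routing-override pattern the brief describes while dropping benign values.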
Sources: Wiz Blog · The Hacker News · Help Net Security · GitHub Advisory
3. Hugging Face LeRobot Unauth RCE via Pickle Deserialization — CVE-2026-25874
TL;DR: Unpatched CVSS 9.3 RCE in Hugging Face’s LeRobot robotics framework — unauthenticated attackers can send crafted pickle payloads over exposed gRPC channels to execute arbitrary OS commands on PolicyServer hosts. No fix available until v0.6.0.
What’s New:
- Disclosed April 28; private report to Hugging Face since December 2025 — still unpatched
- `PolicyServer` binds to `0.0.0.0` by default, exposing gRPC port to entire network segment
- `pickle.loads()` called on unauthenticated gRPC input via `SendPolicyInstructions`, `SendObservations`, `GetActions` RPCs
- No TLS, no auth — any network-reachable host can trigger RCE
- Affects LeRobot ≤ 0.5.1; fix planned for 0.6.0
Actionable Intel
| Artifact | Type | ATT&CK | Log Source | Action |
|---|---|---|---|---|
| Exposed gRPC port (default: 50051) on LeRobot hosts | Attack surface | T1190 | Network scan / asset inventory | Firewall-restrict gRPC port to trusted hosts only |
| Inbound connections to PolicyServer from non-robot IPs | Exploitation attempt | T1190 | Network firewall / flow logs | Alert on unexpected sources connecting to gRPC port |
| `pickle.loads()` execution spawning child processes | Post-exploitation | T1059.006 | Sysmon for Linux / auditd | Hunt for Python gRPC server spawning shells |
| Outbound C2 from LeRobot host post-compromise | Lateral movement | T1071 | NDR / firewall | Baseline LeRobot host network behavior |
Detection
| Source | Rule | Gap |
|---|---|---|
| Splunk ESCU | None | No LeRobot/gRPC-specific rules; generic “Linux Reverse Shell” may catch post-exploitation |
| Elastic | None | No pickle deserialization abuse detection |
| Sigma | Suspicious Python Child Process (partial) | No gRPC-specific context; need process tree correlation |
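Until 0.6.0 ships, the defense-in-depth change a maintainer of any service that calls `pickle.loads()` on network input can make today is to refuse every global the pickle stream tries to resolve unless it is on an explicit allowlist. The following is an added example for this brief, not LeRobot's code; the allowlist and the payloads are constructed for illustration. The third payload is only a reference to `subprocess.Popen` (no call is encoded), which is enough to show the difference: plain `pickle.loads()` resolves the import, the restricted loader refuses it.

```python
import io
import pickle
import subprocess               # used only to build a constructed payload referencing a non-allowlisted class
from collections import OrderedDict

# Globals the server is willing to resolve while unpickling; everything else is refused.
# Allowlist chosen for this example; a real policy server would list exactly its own message types
# and only data constructors, never anything that executes code when called.
SAFE_GLOBALS = {
    "builtins": {"dict", "list", "tuple", "set", "frozenset", "str", "bytes", "int", "float", "bool"},
    "collections": {"OrderedDict"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import any global not present in SAFE_GLOBALS."""

    def find_class(self, module, name):
        if name in SAFE_GLOBALS.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def restricted_loads(data):
    """Drop-in replacement for pickle.loads() on untrusted bytes."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data):
    """'accepted' if the payload only uses allowlisted globals, else 'rejected'."""
    try:
        restricted_loads(data)
        return "accepted"
    except pickle.UnpicklingError:
        return "rejected"


def unrestricted_global_name(data):
    """Name of what plain pickle.loads() hands back, showing it resolves arbitrary globals."""
    obj = pickle.loads(data)
    return getattr(obj, "__qualname__", type(obj).__name__)


# Constructed payloads for the example.
BENIGN_PAYLOAD = pickle.dumps({"observation": [0.1, 0.2], "step": 3})
ORDERED_PAYLOAD = pickle.dumps(OrderedDict(step=3))
GLOBAL_REF_PAYLOAD = pickle.dumps(subprocess.Popen)   # a class reference outside the allowlist

if __name__ == "__main__":
    for label, payload in [("benign", BENIGN_PAYLOAD), ("ordered", ORDERED_PAYLOAD), ("global-ref", GLOBAL_REF_PAYLOAD)]:
        print(f"{label}: restricted={classify(payload)} unrestricted={unrestricted_global_name(payload)}")
```

A restricted unpickler is only as safe as its allowlist: if any allowlisted name is itself a callable that runs code, the restriction is bypassable, so keep it to plain data types. It also does nothing about the missing authentication and TLS on the gRPC channel, so the network restriction in the table above still applies, and the durable fix is to stop accepting pickle from peers at all in favour of a schema-bound format such as the protobuf messages gRPC already uses.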
Sources: The Hacker News · CSA Labs · Resecurity
Status Updates
- CVE-2026-33725 (Metabase Enterprise): No new artifacts since yesterday’s initial coverage; PoC remains public, no ITW exploitation reported. Original brief.
- CVE-2026-33825 (Windows Defender): CISA KEV deadline May 7 approaching; RedSun/UnDefend PoCs still circulating; ensure April Patch Tuesday applied. Original brief.