On 29 April 2026, a critical Local Privilege Escalation (LPE) and container escape vulnerability, dubbed "copy.fail” was disclosed in the Linux kernel. This was followed by another LPE kernel vulnerability on 08 May 2026, named “Dirty Frag”.
Appian investigated these vulnerabilities and its potential impact on our infrastructure and services, and has remediated them.
The following CVEs were released with additional information on the scope of the vulnerability:
CVE-2026-31431 - (Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability)
CVE-2026-43284 - (Linux Kernel Local Privilege Escalation / Dirty Frag Page Cache Corruption)
This article applies to all supported versions of Appian.
Last reviewed: July 7, 2026