A critical Linux kernel vulnerability, CVE-2026-31431 ("Copy Fail"), was publicly disclosed on April 29, 2026. The vulnerability has been present in the Linux kernel since 2017 and affects all major distributions, including Ubuntu 24.04, 22.04, and 20.04. It allows any local user with shell access to escalate privileges to root without requiring special tools or conditions.

What We Did

We deployed an interim mitigation to all reachable servers via the RunCloud agent. It blocks the vulnerable kernel module from loading and closes the attack surface without requiring a reboot. It has been tested against Nginx, PHP, MySQL, SSH, and SSL with no impact on normal operation.

Servers that were offline, had the agent stopped, or had firewall rules blocking agent communication at the time of deployment were not reached automatically.

Permanent Patch

Ubuntu has not released an official patched kernel at the time of writing. Once available, it will appear as a kernel update in your RunCloud dashboard. After applying the update and rebooting, the interim mitigation can be safely removed. Servers that were automatically patched by RunCloud will have the interim fix cleaned up on our end once the official kernel update is confirmed to have been applied.

Track Ubuntu's release here: https://ubuntu.com/security/CVE-2026-31431

Recommended: Keep Security Updates Turned On

Navigate to your Server Settings and confirm that Enable Security Updates is turned on. While enabled by default, confirm that it is enabled on your servers to ensure critical kernel and security patches are automatically applied.

Full Details & Next Steps

For verification steps and instructions on how to manually apply the interim fix, see our full write-up on our community forum.

This release includes a comprehensive set of upstream security patches addressing multiple vulnerabilities across core NGINX modules, improving overall stability and hardening key request-handling paths. 

• Fixed WebDAV module buffer overflow
  Resolved a vulnerability in ngx_http_dav_module where specially crafted requests could cause memory corruption, potentially leading to crashes or arbitrary code execution.
• Fixed MP4 streaming module buffer overflows
  Fixed multiple vulnerabilities in ngx_http_mp4_module where malformed MP4 files or requests could trigger memory corruption and destabilize the server.
• Fixed NULL pointer dereference in authentication methods
  Corrected a flaw in CRAM-MD5 and APOP authentication that could cause NGINX to crash when handling invalid authentication data.
• Fixed injection vulnerability in mail proxy (auth_http and XCLIENT)
  Patched an issue that could allow injection of unintended commands or data during mail authentication or client identification.
• Fixed OCSP validation bypass in stream module
  Closed a gap where SSL certificate revocation checks (OCSP) could be bypassed under certain configurations, improving TLS validation.
• Fixed SSL upstream injection issue
  Resolved a vulnerability that could allow manipulation of data in SSL connections to upstream servers.

We’ve introduced two highly requested features to make managing WordPress on RunCloud more reliable and developer-friendly, without having to manually update your wp-config.php.

Note: Both features require RunCloud Agent version 2.16.9 or later.

Easily Replace WP-Cron with a Server-Side Cron Job

WP-Cron is notoriously a source of missed schedules and unnecessary overhead. So, we’ve now made it easier than ever to replace it with a real server cron job.

What this does:

• Disables the default WordPress pseudo-cron (DISABLE_WP_CRON)
• Creates a server-level cron job that runs every 5 minutes
• Improves reliability for scheduled posts, backups, and other scheduled actions
• Reduces performance overhead from cron checks on every page load

This can be configured both when creating a new WordPress web application, as shown below: 

And, in your web application settings area under WordPress > General Settings, as shown below:

Development Mode Toggle (WP Debug Made Simple)

You can now also easily enable “Development Mode” for WordPress when debugging without having to risk exposing errors to website visitors. 

What this does:

• Enables/disables WordPress debug mode via UI

• Automatically manages:

  • WP_DEBUG
  • WP_DEBUG_LOG
  • WP_DEBUG_DISPLAY (disabled for safety)
  • SCRIPT_DEBUG
• Logs errors to a secure debug.log file
• Keeps errors hidden from visitors by default

RunCloud Agent v2.16.8 (patch)

What’s New

• Fix: Fixed an issue in OLS staging caused by enabling the Redis cache.
• Fix: Resolves a cloning issue between containerized and native servers.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

If your server has not received the update after 72 hours, please contact our support team for manual assistance.

PHP Updates Now Available for NGINX

• PHP 8.5.5
• PHP 8.4.20

Note: If your server runs on OpenLiteSpeed, RunCloud does not handle PHP version updates. However, once a PHP version update becomes available for OpenLiteSpeed, it should also be automatically available on your server(s).

RunCloud Agent v2.16.4 (patch)

What’s New

• Fix: Resolved unexpected server shutdowns triggered by server disconnection events in certain conditions.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

If your server has not received the update after 72 hours, please contact our support team for manual assistance.

You can now easily schedule restarts or run them automatically when required.

The 2 new ways to manage server restarts

1) Scheduled Restart

Restart your server at a fixed time based on your preferred schedule.

2) Restart when required 

Automatically restart only when a system update requires it, and run it during your next maintenance window.

In both cases, your Schedule Type can be a simple time-based preset or a Custom Cron Expression, as shown below: 

Note: When a restart may be required, you'll see a “Restart Recommended” badge on the server overview or in the servers list. You can also temporarily dismiss this reminder.

RunCloud Agent v2.16.2+10

Fixes

• Fixed an issue preventing successful cloning of WordPress sites from native servers to containerized servers.
• Resolved a bug where Auto Healing could fail when a database lock was present.
• Fixed an issue where ModSecurity interfered with multipart uploads.

Improvements

• Improved server downtime notifications to provide more reliable alerts during provider-level outages affecting connected servers.
• Added support for backups for web applications using Atomic Deployment.

Deployment Information

This update will automatically roll out to all compatible servers within 72 hours.

• No action is required.
• The update installs seamlessly in the background.

If your server has not received the update after 72 hours, please contact our support team for manual assistance.

PHP Updates Now Available for NGINX

• PHP 8.4.17
• PHP 8.3.30

Note: If your server runs on OpenLiteSpeed, RunCloud does not handle PHP version updates. However, once a PHP version update becomes available for OpenLiteSpeed, it should also be automatically available on your server(s).

RunCloud Agent v2.16.1+1

What’s New

• Improvement: You can now configure the dump binary used for incremental backups. 

Deployment Information