DirtyDecrypt PoC Published for Patched Linux Kernel LPE CVE-2026-31635

Proof-of-concept exploit code has been released for CVE-2026-31635, a Linux kernel local privilege escalation vulnerability dubbed DirtyDecrypt (also known as DirtyCBC). The vulnerability was discovered by the Zellic and V12 security team on May 9, 2026, and patched in April. With a public PoC now available, exploitation attempts against unpatched systems are likely to increase rapidly. Linux system administrators should verify the April kernel patch is applied, particularly on multi-tenant systems, shared hosting environments, and servers where low-privileged or untrusted users can execute code. Container environments without strict seccomp/AppArmor profiles may also be at risk.