PowerChute Network Shutdown Linux Virtual Machine has been flagged for CVE-2026-31431

Issue:

The PowerChute Network Shutdown Linux Virtual Machine has been flagged for CVE-2026-31431.

Product:

PowerChute Network Shutdown

Environment:

PowerChute Network Shutdown Linux Virtual Machine.

Cause:

An issue was discovered in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker may exploit this flaw to corrupt the contents of system files and gain root privileges.

See https://nvd.nist.gov/vuln/detail/CVE-2026-31431

Solution:

Update the Linux system as recommended in the PowerChute Network Shutdown Security Handbook and Installation Guide.

1- To update the system log in to the PowerChute Linux VM as root and run the command dnf update.

2- When the command runs, you will be prompted to accept the update. Note that the update installation packages and upgrade packages will vary.

פורסם עבור: שניידר אלקטריק ישראל