PowerChute Network Shutdown Linux Virtual Machine has been flagged for CVE-2026-31431
Issue:
The PowerChute Network Shutdown Linux Virtual Machine has been flagged for CVE-2026-31431.
Product:
PowerChute Network Shutdown
Environment:
PowerChute Network Shutdown Linux Virtual Machine.
Cause:
An issue was discovered in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker may exploit this flaw to corrupt the contents of system files and gain root privileges.
See https://nvd.nist.gov/vuln/detail/CVE-2026-31431
Solution:
Update the Linux system as recommended in the PowerChute Network Shutdown Security Handbook and Installation Guide.
1- To update the system log in to the PowerChute Linux VM as root and run the command dnf update.
2- When the command runs, you will be prompted to accept the update. Note that the update installation packages and upgrade packages will vary.