Cloud Platform
Acquia Status Regarding CVE-2026-31431 ("Copy Fail") and CVE-2026-43284 ("Dirty Frag")
On April 29, 2026, a vulnerability in the Linux kernel was disclosed, identified as CVE-2026-31431 and referred to as Copy Fail. This vulnerability involves a logic bug in specific kernel functions that can lead to unauthorised access and local privilege escalation under specific conditions. Shortly thereafter, related overlapping vulnerabilities, identified as CVE-2026-43284 and referred to as Dirty Frag, and CVE-2026-46300 and referred to as Fragnesia, were also made public.
Following an internal audit and impact analysis, Acquia has taken proactive steps to ensure our products and infrastructure remain secure. While existing security configurations provided initial protection, Acquia has deployed additional mitigations across potentially impacted systems to address both Copy Fail and the Dirty Frag variants.
Identifier: CVE-2026-31431 (Copy Fail), CVE-2026-43284 (Dirty Frag), and CVE-2026-46300 (Fragnesia)
Acquia Status: Mitigated / No action required by customers
References : Copy Fail: 732 Bytes to Root, and Dirty Frag variants
Acquia believes the necessary actions have been taken to keep the platform safe. We continue to monitor the landscape closely in alignment with the Acquia Shared Responsibility Model. Security and product teams are prepared to validate and deploy formal kernel patches as soon as they become available from upstream providers, ensuring protection without disruption to services. Mitigations are in place and Acquia will apply patches and updates in the future.
If the threat landscape changes, Acquia acts immediately:
Emergency Maintenance: Acquia deploys necessary mitigations according to security maintenance procedures.
Proactive Communication: Acquia Status documents any impact on product availability.
For additional details on protocols, refer to Acquia Security Maintenance FAQ.
Cloud Platform