Percivalll

PoC: fully unprivileged container escape to node-level code execution on Kubernetes via CVE-2026-31431 page-cache corruption + shared image layers. Validated on Alibaba Cloud ACK and Amazon EKS.

45
14
69% credibility
Found May 05, 2026 at 45 stars.
AI Analysis
C
AI Summary

Proof-of-concept tool demonstrating a Linux kernel vulnerability allowing unprivileged containers to execute code at the node level in Kubernetes via shared image layers.

How It Works

1. 🔍 Discover the security test

You hear about a new weakness in container setups and find this simple test tool to check it safely on your own computers.

2. 📥 Get the test ready

You download the tool and prepare a special image that matches parts of your secure system services.

3. 🚀 Start the test

You place the test inside your container area, and it quietly changes shared memory spots without needing special powers.

4. Watch the magic happen

A powerful background service picks up the hidden change and runs your test code with full access, proving the escape works.

5. Confirm success

You check the main computer and see a success message, showing the weakness is real in your setup.

6. 🧹 Clean everything up

You remove the test and restart services to return to normal.

🛡️ Strengthen your defenses

Now you understand the risk and can apply fixes like updating software or isolating services better.

AI-Generated Review

What is Copy-Fail-CVE-2026-31431-Kubernetes-PoC?

This GitHub PoC demonstrates a fully unprivileged container escape to node-level code execution on Kubernetes clusters exploiting CVE-2026-31431, a Linux kernel page-cache corruption bug via AF_ALG splice races and shared image layers. Built in C for payloads and Go for the exploit logic, it targets privileged DaemonSets like kube-proxy, letting you deploy via simple YAML manifests on Alibaba Cloud ACK or Amazon EKS. Users get a ready-to-run demo that writes proof to the host filesystem, highlighting risks in container runtimes like containerd or CRI-O.

Why is it gaining traction?

Unlike generic kernel PoCs, this one weaponizes shared layers for real Kubernetes escapes without privileges, validated on managed clouds like ACK and EKS—similar to airborne or CSRF PoCs on GitHub but focused on 2026-era vulns. Its Makefile and deploy YAMLs make reproduction dead simple, no Helm or Copilot needed, and it generalizes to any privileged workload sharing images. With 45 stars, it's pulling security devs testing copy corruption paths in cloud setups.

Who should use this?

Kubernetes security engineers auditing EKS or ACK clusters for unpatched kernels, red teamers simulating container breaks on node DaemonSets, and cloud admins verifying mitigations like image isolation. Ideal for teams probing CNI plugins, monitoring agents, or log collectors without building from scratch.

Verdict

Grab it if you're in K8s security—docs are solid with walkthroughs, but low 45 stars and a 69% credibility score mean it's early-stage; patch your kernels first. Strong for defensive testing, less for production exploits.
