CISA adds Linux Copy Fail flaw to exploited bug list
first published 2026-05-02T23:07:05Z
A vulnerability dubbed "Copy Fail" affects most major open-source Linux distributions released since 2017 and has been added to CISA's Known Exploited Vulnerabilities catalog. The flaw can let an attacker escalate to root using a ~732‑byte, ~10‑line Python script, but it requires prior code execution on the target. Researcher Xint Code called it trivially exploitable. Theori CEO Brian Pak privately reported it on March 23, patches landed in mainline on April 1, a CVE was assigned on April 22, and a public write‑up and PoC were released on April 29. CISA warned of significant federal risk, and the bug could threaten cryptocurrency exchanges, blockchain nodes and custodial services that rely on Linux.
AI Analysis
CISA added the Copy Fail bug to its KEV catalog and warned of federal risk; researcher and vendor statements describe trivial exploitability using a small Python script, but the exploit requires prior code execution; patches were merged to mainline April 1, a CVE was issued April 22 and a public PoC was published April 29. These facts justify negative sentiment and moderate market impact for Linux‑dependent crypto infrastructure.
Expected Investor Sentiment: Bearish
Potential Market Impact: Significant