| CVE | CVE-2026-31431 |
|---|---|
| Advisory Summary | Linux “Copy Fail” Vulnerability |
| Products or Components | See the impact section in the advisory |
| Addressed in Release | No Impact to March Networks products |
| Severity | N/A |
| Ticket | N/A |
Description
CVE-2026-31431 is a Linux kernel vulnerability that may allow a local user with limited access to escalate privileges to root on systems running Linux kernel version 4.14 or later. This vulnerability cannot be exploited remotely on its own. Successful exploitation requires local access to the operating system.
Impact
Based on our assessment, the risk to March Networks customers is considered low.
March Networks On-Premise Products:
- R5 systems use a Linux 3.x kernel and are not believed to be affected based on our current assessment.
- R6 systems do not allow local operating system user access and are not believed to be affected based on our current assessment.
- March Networks cameras and encoders do not allow local operating system user access and are not believed to be affected based on our current assessment.
- Command Recording Server (CRS) on Linux relies on the underlying Linux operating system maintained by the customer. These environments are typically single-user and are not exposed to multi-user risk; however, customers should continue to keep the Linux operating system updated in accordance with standard server security best practices. March Networks is not responsible for patching or updating the underlying operating system in customer-managed CRS environments.
March Networks Cloud Services:
- March Networks cloud environments do not permit external users to log in as local operating system users.
- March Networks is proactively applying Linux kernel updates across our cloud infrastructure in line with best security practices.
At this time:
- There is no evidence of exploitation affecting March Networks products or services.
- The overall risk to customers is considered low, given the requirement for local operating system access and the security controls in place across March Networks products and cloud services.
Our team will continue to monitor this situation and take appropriate action as needed. If you have questions or require further information, please contact March Networks Technical Support through your usual support channels.
Recommendation
For customers operating Command Recording Server (CRS) on a Linux operating system, including March Networks CRS Linux bundles, we recommend the following:
- Ensure the Linux operating system is kept up to date with the latest security patches.
- Restrict local Linux operating system access to authorized administrators only.
- Continue following standard server hardening and access control best practices.
This advisory is based on information available to March Networks as of May 6, 2026 and is provided for informational purposes only. March Networks makes no warranties or representations regarding the completeness or accuracy of this assessment. This advisory is subject to change as additional information becomes available. Customers are responsible for evaluating the applicability of any security measures to their own environments.
This advisory may be updated. Customers should refer to our Security Updates and Advisories page for the most current version.
Revision
May 7, 2027 – Updated public report
Disclaimer
March Networks’ assessment of this security vulnerability is contingent on the March Networks products being updated to the recommended release and/or security patch level and the system being deployed and configured in accordance with March Networks security recommendations and industry best practices. IT IS THE CUSTOMER’S RESPONSIBILITY TO EVALUATE THE EFFECT OF ANY SECURITY VULNERABILITY. A failure to update March Networks products and/or to follow March Networks recommendations or industry best practices may increase the risk associated with a security vulnerability. March Networks follows industry-leading practices in addressing security vulnerabilities in our products. While March Networks cannot guarantee that our products will be free from security vulnerabilities, we are committed to providing updates and security fixes for our supported products if and when a high-security vulnerability is determined to affect March Networks products.