Action regarding “Copy Fail” (CVE-2026-31431), “Dirty Frag” (CVE-2026-43284), and “Fragnesia” (CVE-2026-46300): If you or your agency are running self-managed servers (raw EC2 instances, DigitalOcean, on-prem servers, etc) you should patch them and restart immediately.
AI, and specifically LLMs, have accelerated the world of IT security, both in the discovery and resolution of major security threats. Vulnerabilities of this scale typically emerge every 2-3 years (see XZ Utils (2024), Dirty Pipe (2022), Dirty COW (2016), but while drafting this post, researchers discovered two other major vulnerabilities – the security threats are coming hard and fast.
We’ve had three vulnerabilities at this scale in the span of 2 weeks:
- “Copy Fail” (CVE-2026-31431)
- “Dirty Frag” (CVE-2026-43284)
- “Fragnesia” (CVE-2026-46300)
While these are Linux vulnerabilities and you may not be running Linux personally, consider that ~90% of all public cloud infrastructure runs on Linux (w3techs.com, commandlinux.com). For those of you who are not familiar, Linux, it’s an operating system (like Windows or macOS) that runs the servers that host almost all websites, online services, and software.
For most agencies, the operational checklist boils down to:
- Self-hosted inventory: Review any raw virtual machines through cloud providers, run system updates and reboot them.
- Managed hosts: For services like WPEngine, Kinsta, etc. check status pages or ping support to ensure they’ve patched their systems.
- Cloud providers: Confirm cloud vendors have updated their underlying systems – this is typically handled automatically but if you’re using a less-well-known cloud provider or you’re unsure, you should check.
For digital marketing agencies (or any other agencies with technical infrastructure, website hosting services, etc) this can represent an IT problem as well as a business continuity problem. In many cases, our hosted services and cloud platforms will handle all of this behind the scenes – but be aware of your exposure and what a breach or potential downtime means to client trust.
Intellitonic is a digital marketing agency that has a huge amount of respect (and a respectable amount of experience) in the realm of security and cloud technology. Please reach out if you have questions, comments, or just need someone to kick the tires.
